42925 matches found
OpenVPN 2.6.0 < 2.6.21 / 2.7.x < 2.7.5 Multiple Vulnerabilities
According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is affected by multiple vulnerabilities: - A use-after-free bug in ackwritebuf, triggerable by a well-timed sequence of control channel and authentication packets. CVE-2026-12996 - A...
Linux Distros Unpatched Vulnerability : CVE-2026-59925
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well- formed double-asterisk or triple-asterisk emphasis pairs...
CVE-2026-44161 Fluentd: Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, the Fluentd outhttp output plugin allows placeholders such as $tag in the endpoint configuration parameter, and if a placeholder value is derived from untrusted...
CVE-2026-44161 Fluentd: Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, the Fluentd outhttp output plugin allows placeholders such as $tag in the endpoint configuration parameter, and if a placeholder value is derived from untrusted...
Security Bulletin: Nomad vulnerable to cross-namespace host volume claim deletion
Summary HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace...
CVE-2026-58494
Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite...
CVE-2026-14896
HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...
CVE-2026-58494 Wasmtime: WASI hard links bypass wasmtime-wasi's FilePerms for destination
Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite...
CVE-2026-58494
CVE-2026-58494 affects Wasmtime runtimes prior to the fixed versions 24.0.11, 36.0.12, 45.0.3, and 46.0.1. The issue arises in wasmtime-wasi where hard-link creation and renaming check directory permissions do not correctly match FilePerms on source and destination preopens. This can allow a WASI...
CVE-2026-58494 Wasmtime: WASI hard links bypass wasmtime-wasi's FilePerms for destination
Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite...
CVE-2026-14896 Nomad vulnerable to cross-namespace host volume claim deletion
HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...
CVE-2026-14896
HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature, potentially allowing an operator with host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. Root cau...
EUVD-2026-42392
HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...
Nomad vulnerable to cross-namespace host volume claim deletion
Summary HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace...
CVE-2026-14373
HashiCorp Nomad and Nomad Enterprise did not enforce the allowprivileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access information belonging to the host or to other workloads on...
CVE-2026-14891
HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...
CVE-2026-14891 Nomad vulnerable to sandbox escape in Docker task driver
HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...
CVE-2026-14891
HashiCorp Nomad and Nomad Enterprise are affected by a sandbox escape in the Docker task driver that can allow a job submitter to bind-mount a host path into a container, potentially enabling reading/writing host files even when volume bind mounts are disabled. Affected versions include Nomad Com...
EUVD-2026-42345
HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...
Nomad vulnerable to sandbox escape in Docker task driver
Summary HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This...