Lucene search
K

15 matches found

Cvelist
Cvelist
added 2026/05/11 3:2 p.m.34 views

CVE-2026-42608 Grav: Unauthenticated Path Traversal & Arbitrary File Write in FormFlash component.

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the sessionid passed as form-flash-id in POST requests, an unauthenticated attacker can traverse the filesystem to create arbitrary directories an...

9.3CVSS0.00521EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/07 1:8 p.m.9 views

CVE-2026-41684 Incus: Nil Dereferences on Restore via Malformed YAML

Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid...

6.5CVSS5.7AI score0.00408EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/05/06 8:40 p.m.11 views

CVE-2026-40251

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The backup restore subsystem contains an...

7.1CVSS5.8AI score0.00408EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/05/06 8:33 p.m.10 views

CVE-2026-40195

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup...

7.1CVSS5.8AI score0.00398EPSS
Exploits1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.12 views

Incus 代码问题漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained code vulnerabilities. These vulnerabilities stemmed from a lack of validation logic in the bucket import process. This allowed authenticated users to use malicious or incorrectly...

7.1CVSS5.9AI score0.00398EPSS
Exploits1References1
OSV
OSV
added 2026/05/05 9:34 p.m.5 views

GHSA-HMCX-CH82-3FV2 Grav has Unauthenticated Path Traversal & Arbitrary File Write in its FormFlash component

Vulnerability Report: Grav CMS Unauthenticated Path Traversal & Arbitrary File Write ZERO-DAY Unauthenticated Path Traversal leading to Arbitrary Directory Creation and Configuration Injection Summary Grav CMS v1.7.49.5 and latest development source is vulnerable to a Zero-Day Path Traversal...

9.3CVSS5.9AI score0.00521EPSS
Exploits1References5
Snyk
Snyk
added 2026/05/04 7:45 p.m.6 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...

7.1CVSS5.8AI score0.00408EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 7:44 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...

5.3CVSS5.8AI score0.00269EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 7:44 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...

5.3CVSS5.8AI score0.00269EPSS
Exploits1References2
Snyk
Snyk
added 2025/08/14 12:5 a.m.2 views

Use of Uninitialized Resource

Overview github.com/helm/helm/pkg/repo is a package manager for kubernetes. Affected versions of this package are vulnerable to Use of Uninitialized Resource via improper validation when parsing Chart.yaml and index.yaml files. An attacker can cause a panic in the application by providing malform...

7.1CVSS6.9AI score0.00311EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/14 12:5 a.m.2 views

Use of Uninitialized Resource

Overview helm.sh/helm/v3/pkg/chartutil is a package manager for kubernetes. Affected versions of this package are vulnerable to Use of Uninitialized Resource via improper validation when parsing Chart.yaml and index.yaml files. An attacker can cause a panic in the application by providing malform...

7.1CVSS6.5AI score0.00311EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/14 12:5 a.m.2 views

Use of Uninitialized Resource

Overview helm.sh/helm/v3/pkg/repo is a package manager for kubernetes. Affected versions of this package are vulnerable to Use of Uninitialized Resource via improper validation when parsing Chart.yaml and index.yaml files. An attacker can cause a panic in the application by providing malformed or...

7.1CVSS6.9AI score0.00311EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/14 12:5 a.m.2 views

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource via improper validation when parsing Chart.yaml and index.yaml files. An attacker can cause a panic in the application by providing malformed or unexpected YAML content, such as a null maintainer, non-strin...

7.1CVSS6.9AI score0.00311EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/14 12:5 a.m.15 views

Helm May Panic Due To Incorrect YAML Content

A Helm contributor discovered an improper validation of type error when parsing Chart.yaml and index.yaml files that can lead to a panic. Impact There are two areas of YAML validation that were impacted. First, when a Chart.yaml file had a null maintainer or the child or parent of a dependencies...

6.5CVSS7.1AI score0.00311EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/06/16 10:15 p.m.4 views

AZL-6471 CVE-2021-32690 affecting package helm for versions less than 3.4.1-4

Helm is a tool for managing Charts packages of pre-configured Kubernetes resources. In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. Thi...

8.6CVSS6.9AI score0.01395EPSS
Exploits0References1
Rows per page
Query Builder