
525 matches found

EUVD
added yesterday | 13 views

EUVD-2026-33432

golang.org/x/image/tiff has excessive resource consumption in PackBits decompression...

CVSS 7.5 | AI score 5.8 | EPSS 0.00353
Exploits: 0 | References: 6

NVD
added 2 days ago | 5 views

CVE-2026-50195

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods ca...

CVSS 9.9 | EPSS 0.00316
Exploits: 0 | References: 1

Debian CVE
added 2 days ago | 6 views

CVE-2026-50195

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods ca...

CVSS 9.9 | AI score 6.1 | EPSS 0.00316
Exploits: 0

Cvelist
added 2 days ago | 34 views

CVE-2026-41579 runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join strin...

CVSS 3.3 | EPSS 0.00222
Exploits: 0 | References: 2

CVE
added 2 days ago | 16 views

CVE-2026-41579

Technical details beyond the Initial Description are not provided in the connected documents; monitor for updates.

CVSS 3.3 | AI score 5.9 | EPSS 0.00222
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 3 days ago | 7 views

CVE-2026-57231

A flaw was found in Podman, a tool for managing OCI containers and pods. A malicious container image can be crafted with an environment variable that has a key but no value, or an asterisk, to trick Podman. This vulnerability causes Podman to pass host environment variables into the container...

CVSS 7.5 | AI score 5.6 | EPSS 0.0026
Exploits: 0 | References: 5

Cvelist
added last week | 32 views

CVE-2026-55686 Podman: WORKDIR symlink traversal vulnerability

Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an...

CVSS 5.3 | EPSS 0.00317
Exploits: 1 | References: 2

Cvelist
added last week | 36 views

CVE-2026-57231 Podman: Malformed Image can trick podman run into leaking host environment variables into the container

Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk wi...

CVSS 7.5 | EPSS 0.0026
Exploits: 0 | References: 2

Github Security Blog
added 2026/06/22 8:1 p.m. | 6 views

runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations

Impact: When setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join string which allow an image with /dev as a symlink to trick runc into deleting files called ptmx on the host or creating a hardcoded set of symlinks with specific names a...

CVSS 3.3 | AI score 5.7 | EPSS 0.00222
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/06/22 8:1 p.m. | 15 views

GHSA-XJVP-4FHW-GC47 runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations

Impact: When setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join string which allow an image with /dev as a symlink to trick runc into deleting files called ptmx on the host or creating a hardcoded set of symlinks with specific names a...

CVSS 4.8 | AI score 5.7 | EPSS 0.00222
Exploits: 0 | References: 2

Snyk
added 2026/06/19 7:35 p.m. | 4 views

Insufficient Verification of Data Authenticity

Overview: Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the CRI checkpoint import. An attacker can cause arbitrary code execution by crafting a checkpoint image that forces the system to pull a malicious image and assign it an arbitrary local...

CVSS 9.9 | AI score 6.5 | EPSS 0.00316
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/19 12:0 a.m. | 13 views

PT-2026-51048

Name of the Vulnerable Software and Affected Versions: containerd versions prior to 2.3.2; containerd versions prior to 2.2.5; containerd versions prior to 2.1.9; containerd versions prior to 2.0.10; containerd versions prior to 1.7.33. Description: A maliciously crafted image can cause a Denial of...

CVSS 6.9 | AI score 5.9 | EPSS 0.00458
Exploits: 0 | References: 45

RedHat Linux
added 2026/06/16 4:28 a.m. | 7 views

gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a malicious XPM (X PixMap) image file. This can lead to an integer overflow during file processing, allowing the attacker to execute arbitrary code on the affected system...

CVSS 7.8 | AI score 7.8 | EPSS 0.00596
Exploits: 0 | References: 6

RedHat Linux
added 2026/06/15 2:9 a.m. | 10 views

gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a malicious XPM (X PixMap) image file. This can lead to an integer overflow during file processing, allowing the attacker to execute arbitrary code on the affected system...

CVSS 7.8 | AI score 6.1 | EPSS 0.00596
Exploits: 0 | References: 6

RedHat Linux
added 2026/06/15 1:49 a.m. | 8 views

gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a malicious XPM (X PixMap) image file. This can lead to an integer overflow during file processing, allowing the attacker to execute arbitrary code on the affected system...

CVSS 7.8 | AI score 7.8 | EPSS 0.00596
Exploits: 0 | References: 6

RedhatCVE
added 2026/06/08 8:59 p.m. | 15 views

CVE-2026-46599

A flaw was found in the golang.org/x/image/tiff package's TIFF decoder. This vulnerability occurs because the decoder does not properly limit the size of PackBits-compressed data. A remote attacker could exploit this by providing a maliciously-crafted image, leading to the decoder processing...

CVSS 7.5 | AI score 5.8 | EPSS 0.00353
Exploits: 0 | References: 7

RedhatCVE
added 2026/06/05 7:46 p.m. | 8 views

CVE-2026-28990

The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted image may corrupt process memory...

CVSS 7.5 | AI score 5.4 | EPSS 0.0034
Exploits: 0 | References: 1

EUVD
added 2026/06/04 2:33 p.m. | 12 views

EUVD-2026-34286

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public /image/ route that resolves attacker-controlled entries from imagehashlookup and replays them through the same server-side image fetch logic used by authenticated image proxying...

CVSS 9.9 | AI score 5.9 | EPSS 0.00262
Exploits: 0 | References: 2

Github Security Blog
added 2026/05/21 9:54 p.m. | 16 views

Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host

Summary: Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and run OCI containers within them. Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for...

CVSS 9.6 | AI score 6.6 | EPSS 0.00482
Exploits: 0 | References: 5 | Affected Software: 4

OSV
added 2026/05/19 12:31 p.m. | 11 views

CLSA-2026-1779193855 ImageMagick: Fix of CVE-2026-42050

CVE-2026-42050: fix stack buffer overflow in XTileImage when loading malicious MIFF in display tool...

CVSS 5.5 | AI score 6 | EPSS 0.0013
Exploits: 0 | References: 1