Lucene search
K

3779 matches found

EUVD
EUVD
added 13 hours ago6 views

EUVD-2026-43317

A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available ...

6.5CVSS6.4AI score
Exploits0References6
NVD
NVD
added 14 hours ago5 views

CVE-2026-15547

A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available ...

6.5CVSS
Exploits0References5
Cvelist
Cvelist
added 14 hours ago11 views

CVE-2026-15547 Shibby Tomato CIFS Mount sub_2D048 os command injection

A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available ...

6.5CVSS
Exploits0References5
CVE
CVE
added 5 days ago15 views

CVE-2026-14891

HashiCorp Nomad and Nomad Enterprise are affected by a sandbox escape in the Docker task driver that can allow a job submitter to bind-mount a host path into a container, potentially enabling reading/writing host files even when volume bind mounts are disabled. Affected versions include Nomad Com...

8.7CVSS6AI score0.00316EPSS
Exploits0References1
NVD
NVD
added 6 days ago9 views

CVE-2026-34044

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...

7.7CVSS0.00244EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56129

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.466 Description An authenticated user can access logs of applications belonging to other teams. This occurs because the Logs::mount function retrieves resources using a UUID without verifying if the resourc...

7.7CVSS6.1AI score0.00244EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 6 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-58403

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the moun...

6.5CVSS6.2AI score0.00318EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 9:16 p.m.4 views

DEBIAN-CVE-2026-50135

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

5.5CVSS5.9AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 9:16 p.m.6 views

CVE-2026-50135

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

6.9CVSS0.00275EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:8 p.m.3 views

CVE-2026-34050

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Settings/Updates Livewire component does not check isInstanceAdmin in its mount method, allowing non-admin users to access the Updates settings page and potentially...

6.5CVSS5.9AI score0.00213EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/06 8:16 p.m.3 views

DEBIAN-CVE-2026-58403

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...

6.5CVSS5.9AI score0.00318EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 8:16 p.m.5 views

CVE-2026-58403

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...

6.5CVSS0.00318EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:52 p.m.6 views

CVE-2026-50135

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

6.9CVSS5.9AI score0.00275EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/07/06 7:52 p.m.16 views

CVE-2026-50135

Summary: Hugo up to v0.161.1 is affected by a symlink confinement bypass in the virtual filesystem used by Hugo’s resources.Get. Root cause: A regression in RootMappingFs.statRoot caused it to call Stat (which follows symlinks) instead of Lstat, allowing a symlink inside a mounted directory (e.g....

6.9CVSS5.9AI score0.00275EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/06 7:52 p.m.34 views

CVE-2026-50135 Hugo: Symlink confinement bypass in resources.Get

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

6.9CVSS0.00275EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/06 7:52 p.m.6 views

CVE-2026-50135

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

6.9CVSS5.9AI score0.00275EPSS
Exploits0
OSV
OSV
added 2026/07/06 7:52 p.m.3 views

CVE-2026-50135 Hugo: Symlink confinement bypass in resources.Get

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

6.9CVSS5.9AI score0.00275EPSS
Exploits0References5
OSV
OSV
added 2026/07/06 7:25 p.m.4 views

CVE-2026-58403 Hugo symlink confinement bypass in os.ReadFile

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...

5.9CVSS5.9AI score0.00318EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/06 7:25 p.m.5 views

EUVD-2026-41907

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...

5.9CVSS5.9AI score0.00318EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:25 p.m.5 views

CVE-2026-58403

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...

5.9CVSS5.9AI score0.00318EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder