Lucene search
K

132 matches found

RedHat Linux
RedHat Linux
added 2 days ago4 views

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

6.2CVSS7AI score0.00388EPSS
Exploits0References5
CVE
CVE
added 4 days ago15 views

CVE-2026-8095

CVE-2026-8095 — The Frontend File Manager Plugin for WordPress (up to version 23.6) is vulnerable to Authenticated Arbitrary File Deletion. A case-sensitive bypass of the wpfm_dir_path parameter sanitization in the wpfm_file_meta_update AJAX handler allows an attacker to overwrite the stored file...

8.1CVSS5.8AI score0.00417EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 4 days ago4 views

EulerOS 2.0 SP15 : kata-containers (EulerOS-SA-2026-2484)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.8AI score0.01557EPSS
Exploits1References2
Cvelist
Cvelist
added 5 days ago25 views

CVE-2026-53576 Kestra: Unauthenticated RCE via /configs path-suffix auth-filter bypass

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API @Filter"/api/v1/" treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addresse...

10CVSS0.00471EPSS
Exploits1References1
CVE
CVE
added 5 days ago19 views

CVE-2026-53576

Kestra prior to versions 1.0.45 and 1.3.21 contained an authentication filter bypass on the REST API. Requests whose path ends in /configs were treated as the public instance-config endpoint and forwarded without credential checks, allowing anonymous access to resources such as /api/v1/{tenant}/f...

10CVSS5.8AI score0.00471EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.13 views

FreeBSD : caddy -- multiple vulnerabilities (94f93681-6775-11f1-8044-002590af0794)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 94f93681-6775-11f1-8044-002590af0794 advisory. Caddy project reports: Caddy 2.11.4 contains multiple security fixes. GitHub Security Advisory...

8.1CVSS5.9AI score0.00409EPSS
Exploits3References8
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.7 views

EulerOS 2.0 SP13 : kata-containers (EulerOS-SA-2026-2292)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.7AI score0.01557EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.22 views

PT-2026-47606

Name of the Vulnerable Software and Affected Versions PhpSpreadsheet versions prior to 1.30.5 Description An issue exists in the File::prohibitWrappers function where the use of parse url to detect stream wrappers can be bypassed. When an input contains three or more slashes after the scheme e.g....

9.2CVSS6.5AI score0.00351EPSS
Exploits1References7
FreeBSD
FreeBSD
added 2026/06/08 12:0 a.m.68 views

caddy -- multiple vulnerabilities

Caddy project reports: Caddy 2.11.4 contains multiple security fixes. GitHub Security Advisory GHSA-qrp7-cvwr-j2c6 reports: Windows-encoded backslashes in request paths could bypass path-scoped authorization rules before files are served by fileserver. GitHub Security Advisory GHSA-f59h-q822-g45g...

8.1CVSS5.2AI score0.00409EPSS
Exploits3References4
VulnCheck KEV
VulnCheck KEV
added 2026/06/05 12:0 a.m.23 views

VulnCheck KEV: CVE-2026-31816

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized middleware that protects every server-side API endpoint can be completely bypassed by appending a webhook path pattern to the query string of any...

9.1CVSS5.6AI score0.15339EPSS
In wildExploits2References6
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Canonical Multipass 安全漏洞

Canonical Multipass is a virtual instance of Ubuntu developed by Canonical OpenSource. Versions of Canonical Multipass prior to 1.16.3 contained security vulnerabilities. These vulnerabilities stemmed from the validatepath function in the sshfsserver component, which had a path bypass issue. It...

8.4CVSS5.8AI score0.00505EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:2 p.m.9 views

CVE-2026-47274

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pamusb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM...

6.3CVSS5.9AI score0.00141EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 9:54 p.m.17 views

CVE-2026-48710 Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS5.8AI score0.01438EPSS
Exploits2References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:7 p.m.13 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU vulnerability in ONNX [GHSA-q56x-g2fj-4rj6]

Summary IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU vulnerability in ONNX, due to multiple issues in the saveexternaldata method which introduce an arbitrary file read/write on any system GHSA-q56x-g2fj-4rj6. ONNX is used in our speech runtimes. This vulnerabilitiy has been...

5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/12 3:7 p.m.7 views

Security Bulletin: Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack

Summary The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0. Vulnerability Details CVEID:CVE-2026-5061 DESCRIPTION:...

4.7CVSS5.7AI score0.00109EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/05/11 7:2 p.m.40 views

CVE-2026-2614 Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

7.5CVSS0.00657EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/11 6:31 p.m.10 views

EUVD-2026-29088

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 6:31 p.m.11 views

GHSA-HV9P-2PQF-R5W3 pgAdmin 4: Improper restriction of excessive authentication attempts

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.12 views

PT-2026-39630

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAX LOGIN ATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.init app and is reachable on every server, never...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.13 views

PT-2026-38389

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in the host context. This occurs because...

8.5CVSS6.2AI score0.00722EPSS
Exploits1References8
Rows per page
Query Builder