CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

28 matches found

OSV•added 2026/06/19 6:31 a.m.•3 views

GHSA-XG3J-C7Q4-F9PH Canonical MicroCeph: path traversal issue in the remote-import AP

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS

Exploits0References4

Github Security Blog•added 2026/06/19 6:31 a.m.•4 views

Canonical MicroCeph: path traversal issue in the remote-import AP

5CVSS5.9AI score0.00208EPSS

Exploits0References4Affected Software1

NVD•added 2026/06/19 6:17 a.m.•10 views

CVE-2026-10720

5CVSS0.00208EPSS

Exploits0References1

ATTACKERKB•added 2026/06/19 4:57 a.m.•6 views

CVE-2026-10720

5CVSS5.9AI score0.00208EPSS

Exploits0References2Affected Software1

EUVD•added 2026/06/19 4:57 a.m.•9 views

EUVD-2026-37990

5CVSS5.9AI score0.00208EPSS

Exploits0References1

CVE•added 2026/06/19 4:57 a.m.•17 views

CVE-2026-10720

CVE-2026-10720 affects Canonical MicroCeph versions on squid and tentacle tracks. A path traversal in the remote-import API allows holders of a trusted cluster mTLS certificate or a join token to manipulate files inside the imported remote cluster confined at /var/snap/microceph, potentially caus...

5CVSS5.9AI score0.00208EPSS

Exploits0References1

Cvelist•added 2026/06/19 4:57 a.m.•29 views

CVE-2026-10720 MicroCeph path traversal issue in the remote-import API

5CVSS0.00208EPSS

Exploits0References1

Positive Technologies•added 2026/06/19 12:0 a.m.•15 views

PT-2026-50835

Name of the Vulnerable Software and Affected Versions Canonical MicroCeph versions from the squid and tentacle track Description A path traversal issue exists in the remote-import API. Users possessing a join token or a trusted cluster mTLS certificate, such as enrolled cluster members, can...

5CVSS5.9AI score0.00208EPSS

Exploits0References13

RedhatCVE•added 2026/05/14 8:21 a.m.•8 views

CVE-2026-25705

A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: Overwrite Rancher binaries or configuration to inject...

8.4CVSS5.7AI score0.00368EPSS

Exploits0References1

NVD•added 2026/05/13 8:16 a.m.•7 views

CVE-2026-25705

8.4CVSS0.00368EPSS

Exploits0References2

Cvelist•added 2026/05/13 8:0 a.m.•38 views

CVE-2026-25705 Rancher Extensions have arbitrary file access via path traversal

8.4CVSS0.00368EPSS

Exploits0References2

Vulnrichment•added 2026/05/13 8:0 a.m.•6 views

CVE-2026-25705 Rancher Extensions have arbitrary file access via path traversal

8.4CVSS5.7AI score0.00368EPSS

Exploits0References2

Snyk•added 2026/05/07 1:23 a.m.•5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the compressedEndpoint field in a UIPlugin deployment. An attacker can overwrite binaries or configuration files, tamper with cluster state, or write to the host node filesystem by exploiting path traversal in th...

9.3CVSS6.3AI score0.00368EPSS

Exploits0References2

Snyk•added 2026/05/07 1:23 a.m.•5 views

Directory Traversal

9.3CVSS6.3AI score0.00368EPSS

Exploits0References2

Snyk•added 2026/05/07 1:23 a.m.•6 views

Directory Traversal

9.3CVSS6.3AI score0.00368EPSS

Exploits0References2

OSV•added 2026/05/07 1:23 a.m.•5 views

GHSA-5V3H-X4WF-5C35 Rancher Extensions have arbitrary file access via path traversal

Impact A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: - Overwrite Rancher binaries or configuration to...

8.4CVSS5.7AI score0.00368EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2024-1950

Malicious code in bioql PyPI...

9.9CVSS8.8AI score0.00641EPSS

Exploits0References6

OSV•added 2025/09/24 12:30 p.m.•2 views

GHSA-2HMJ-97JW-28JH Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands

Improper permission checks in the AdminServer allow an authenticated client with insufficient privileges to invoke the snapshot and restore commands. The intended requirement is authentication and authorization on the root path / with ALL permission for these operations; however, affected version...

4.3CVSS7.1AI score0.00294EPSS

Exploits0References8

RedhatCVE•added 2025/05/23 3:39 a.m.•8 views

CVE-2023-29018

The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on open-feature-operator-controller-manager to escalate the privileges o...

8.8CVSS7.1AI score0.00659EPSS

Exploits0References1

OSV•added 2024/10/16 1:15 p.m.•3 views

CVE-2023-32191

When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin...

9.9CVSS5.8AI score0.00641EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by