Lucene search
K

1026 matches found

Nuclei
Nuclei
added 12 hours ago71 views

HashiCorp Consul/Consul Enterprise <=1.9.4 - Cross-Site Scripting

HashiCorp Consul and Consul Enterprise up to version 1.9.4 are vulnerable to cross-site scripting via the key-value KV raw mode. id: CVE-2020-25864 info: name: HashiCorp Consul/Consul Enterprise =1.9.4 - Cross-Site Scripting author: c-sh0 severity: medium description: | HashiCorp Consul and Consu...

6.1CVSS6.6AI score0.06095EPSS
Exploits0References5
Nuclei
Nuclei
added 12 hours ago72 views

HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11 are susceptible to server-side request forgery. When redirects are returned by HTTP health check endpoints, Consul follows these HTTP redirects by default. An attacker can possibly obtain sensitive information, modify data,...

7.5CVSS6.8AI score0.08676EPSS
Exploits0References5
Chainguard
Chainguard
added 5 days ago7 views

GHSA-XCGV-8MV7-V8C7 vulnerabilities

Vulnerabilities for packages: apko, consul, rekor-fips, gatekeeper-fips, knative-operator-fips, mattermost-fips, buildkite-agent-fips, prometheus-operator, buildkitd-fips, vault-secrets-operator, buildah-fips, frankenphp-8.2, pinact, traefik-fips, docker-cli-fips, kubernetes-dashboard,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 5 days ago6 views

GHSA-FF52-PH69-CF7X vulnerabilities

Vulnerabilities for packages: opentelemetry-collector-k8s-fips, nri-postgresql-fips, aws-flb-firehose-fips, secrets-store-csi-driver, crossplane-provider-aws-fsx, pdfcpu, nsc-fips, atlas, mlrun-log-collector, crossplane-provider-aws-fsx-fips, consul-k8s, addon-resizer-fips, oras,...

6.1AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: Consul-template is vulnerable to path redirection in writeToFile through symlink attack

Summary The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in...

4.7CVSS5.8AI score0.00105EPSS
Exploits0Affected Software1
NVD
NVD
added 6 days ago8 views

CVE-2026-14361

The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in consul-templat...

4.7CVSS0.00105EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42346

The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in consul-templat...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References1
CVE
CVE
added 6 days ago12 views

CVE-2026-14361

The CVE-2026-14361 issue affects consul-template prior to 0.42.1, where the writeToFile helper opens the destination path directly and follows links in the path. This can allow template output to be written outside the intended directory or overwrite an existing file. The root cause is path redir...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-14361 Consul-template is vulnerable to path redirection in writeToFile through symlink attack

The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in consul-templat...

4.7CVSS0.00105EPSS
Exploits0References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 6 days ago9 views

Consul-template vulnerable to path redirections in writeToFile

Summary The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in...

4.7CVSS6.1AI score0.00105EPSS
Exploits0Affected Software1
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.13 views

GHSA-8XWF-RJM4-XVHV vulnerabilities

Vulnerabilities for packages: kube-mgmt-fips, cloudbeat-fips, ratify, kubescape-server, consul-k8s, maru, oras, chartmuseum-fips, kubescape, k8ssandra-client-fips, argocd-image-updater-fips, trivy-operator, argo-cd, k9s, k8ssandra-client, trivy-fips, cert-manager-cmctl, kube-mgmt, cilium-cli,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.12 views

GHSA-XF85-363P-868W vulnerabilities

Vulnerabilities for packages: kube-mgmt-fips, harvester, cloudbeat-fips, ratify, kubescape-server, consul-k8s, maru, oras, chartmuseum-fips, kubescape, k8ssandra-client-fips, argocd-image-updater-fips, trivy-operator, argo-cd, k9s, k8ssandra-client, trivy-fips, cert-manager-cmctl, kube-mgmt,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.12 views

GHSA-VH4V-2XQ2-G5CG vulnerabilities

Vulnerabilities for packages: kube-mgmt-fips, cloudbeat-fips, ratify, kubescape-server, consul-k8s, maru, oras, chartmuseum-fips, kubescape, k8ssandra-client-fips, argocd-image-updater-fips, trivy-operator, argo-cd, k9s, k8ssandra-client, trivy-fips, cert-manager-cmctl, kube-mgmt, cilium-cli,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.10 views

CVE-2026-50162 vulnerabilities

Vulnerabilities for packages: kube-mgmt-fips, cloudbeat-fips, ratify, kubescape-server, consul-k8s, maru, oras, chartmuseum-fips, kubescape, k8ssandra-client-fips, argocd-image-updater-fips, trivy-operator, argo-cd, k9s, k8ssandra-client, trivy-fips, cert-manager-cmctl, kube-mgmt, cilium-cli,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.11 views

CVE-2026-48978 vulnerabilities

Vulnerabilities for packages: kube-mgmt-fips, harvester, cloudbeat-fips, ratify, kubescape-server, consul-k8s, maru, oras, chartmuseum-fips, kubescape, k8ssandra-client-fips, argocd-image-updater-fips, trivy-operator, argo-cd, k9s, k8ssandra-client, trivy-fips, cert-manager-cmctl, kube-mgmt,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.16 views

GHSA-JXPM-75MH-9FP7 vulnerabilities

Vulnerabilities for packages: kube-mgmt-fips, cloudbeat-fips, ratify, kubescape-server, consul-k8s, maru, oras, chartmuseum-fips, kubescape, k8ssandra-client-fips, argocd-image-updater-fips, trivy-operator, argo-cd, k9s, k8ssandra-client, trivy-fips, cert-manager-cmctl, kube-mgmt, cilium-cli,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.9 views

CVE-2026-50151 vulnerabilities

Vulnerabilities for packages: kube-mgmt-fips, cloudbeat-fips, ratify, kubescape-server, consul-k8s, maru, oras, chartmuseum-fips, kubescape, k8ssandra-client-fips, argocd-image-updater-fips, trivy-operator, argo-cd, k9s, k8ssandra-client, trivy-fips, cert-manager-cmctl, kube-mgmt, cilium-cli,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.8 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-servicefabric, osv-scanner, prometheus-podman-exporter-fips, crossplane-provider-azure-notificationhubs, crossplane-provider-aws-wafv2, crossplane-provider-aws-lexmodels, docker-compose, traefik-fips, kubernetes-dashboard,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.15 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-servicefabric, osv-scanner, prometheus-podman-exporter-fips, crossplane-provider-azure-notificationhubs, crossplane-provider-aws-wafv2, crossplane-provider-aws-lexmodels, docker-compose, traefik-fips, kubernetes-dashboard,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.9 views

CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-servicefabric, spicedb, secrets-store-csi-driver, osv-scanner, crossplane-provider-gcp-beta-networksecurity, kube-mgmt-fips, ipfs-cluster, atlas, consul-k8s, prometheus-podman-exporter-fips, crossplane-provider-azure-notificationhubs,...

5.3CVSS6.1AI score0.00237EPSS
Exploits0
Rows per page
Query Builder