Lucene search
+L

9489 matches found

OSV
OSV
added yesterday4 views

GHSA-Q38V-WP89-2W55 sh _uid does not drop supplementary groups (incomplete privilege drop)

Impact The uid option performed an incomplete privilege drop on Linux/Unix-like systems. When sh was run from a process with elevated privileges, such as root, and a command was launched with uid=, the child process changed its UID and primary GID but did not reset its supplementary groups. As a...

7.9CVSS5.5AI score
Exploits0References3
Nuclei
Nuclei
added yesterday34 views

Plone Docker - Host Header Injection

Plone Docker Official Image 5.2.13 5221 is vulnerable to Host Header Injection due to improper validation of input by the HOST headers. This can lead to Cross-Site Scripting XSS attacks when the malicious Host header value is reflected in the response. id: CVE-2024-23055 info: name: Plone Docker ...

6.1CVSS7AI score0.00911EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday149 views

H3C SSL VPN <=2022-07-10 - Cross-Site Scripting

H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. id: CVE-2022-35416 info: name: H3C SSL VPN =2022-07-10 - Cross-Site Scripting author: 0x240x23elu severity: medium description: | H3C SSL VPN 2022-07-10 and prior contains...

6.1CVSS5.8AI score0.02886EPSS
Exploits1References5
CVE
CVE
added 2 days ago41 views

CVE-2026-44180

CVE-2026-44180 affects Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids can be bypassed to run kernels as root by supplying KERNEL_UID/KERNEL_GID values with whitespace. Affected versions: 2.0.0rc1 through

9.8CVSS6.4AI score0.00463EPSS
Exploits0References2
NVD
NVD
added 2 days ago7 views

CVE-2026-33692

WWBN AVideo is an open source video platform. Versions prior to 29.0 expose .env files to unauthenticated users through the official Docker compose configuration. The official docker-compose.yml mounts the entire project root directory as the Apache document root, causing the .env file — which...

7.5CVSS0.00451EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-33692 AVideo Has Unauthenticated .env File Exposure via Official Docker Compose Configuration

WWBN AVideo is an open source video platform. Versions prior to 29.0 expose .env files to unauthenticated users through the official Docker compose configuration. The official docker-compose.yml mounts the entire project root directory as the Apache document root, causing the .env file — which...

7.5CVSS0.00451EPSS
Exploits0References2
CVE
CVE
added 2 days ago20 views

CVE-2026-33692

Summary: CVE-2026-33692 affects WWBN AVideo prior to 29.0, where the official Docker Compose configuration exposes the project’s .env file to unauthenticated users via the root path (/.env). The docker-compose.yml mounts the entire project root as the Apache document root, allowing access to sens...

7.5CVSS6AI score0.00451EPSS
Exploits0References2
NVD
NVD
added 3 days ago5 views

CVE-2026-50562

FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged...

9.3CVSS0.00151EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-44749

FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged...

9.3CVSS6.1AI score0.00151EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-50562

FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged...

9.3CVSS6.1AI score0.00151EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-50562 FastGPT: Untrusted PR artifacts are pushed and deployed by privileged preview workflows

FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged...

9.3CVSS0.00151EPSS
Exploits0References1
CVE
CVE
added 3 days ago5 views

CVE-2026-50562

CVE-2026-50562 describes a supply-chain risk in FastGPT where, at commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted PR code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged workflo...

9.3CVSS6.1AI score0.00151EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-59891

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 0.7.1, getRegistryCredentials reads credentials from the Docker config file and selects an entry by checking whether any configured auth key contains the target registry string. Because this is a substring...

9.6CVSS0.00321EPSS
Exploits0References3
CVE
CVE
added 4 days ago5 views

CVE-2026-59891

The CVE-2026-59891 entry concerns sigstore-js prior to 0.7.1. getRegistryCredentials() reads Docker config credentials and selects an entry by substring match of the target registry, which can cause credentials for one registry to be sent to a different registry whose hostname has a matching subs...

9.6CVSS6.1AI score0.00321EPSS
Exploits0References3
NVD
NVD
added 4 days ago5 views

CVE-2026-11403

A vulnerability in Sonatype Nexus Repository Manager's format-specific API key generation may allow a remote attacker to gain unauthorized access to repository operations as a targeted user. A format-specific API key realm NuGet API Key, Docker Bearer Token, or npm Bearer Token must be enabled an...

8.7CVSS0.00349EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-14373

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise did not enforce the allowprivileged restriction for the Docker task driver's host namespace mode options. This may allow an...

7.7CVSS6.1AI score0.00248EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-14891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into ...

8.7CVSS6.1AI score0.00316EPSS
Exploits0References2
NVD
NVD
added 6 days ago16 views

CVE-2026-56259

Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by...

8.8CVSS0.00254EPSS
Exploits0References2
NVD
NVD
added 6 days ago6 views

CVE-2026-56260

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...

9.1CVSS0.00421EPSS
Exploits0References3
CVE
CVE
added 6 days ago19 views

CVE-2026-56260

CVE-2026-56260 affects Crawl4AI

9.1CVSS6.2AI score0.00421EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder