Lucene search
+L

73 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

Oracle Linux 7 : openssh (ELSA-2026-22468)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-22468 advisory. 7.4p1-23.0.5 - Fix privilege escalation via scp legacy protocol when not in preserving file mode CVE-2026-35385Orabug: 39480251 Tenable has extracted the...

8.1CVSS5.9AI score0.00419EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45728

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or template error respon...

7.5CVSS5.5AI score0.00303EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.22 views

PT-2026-45490

Name of the Vulnerable Software and Affected Versions rattler versions prior to 0.43.2 pixi versions prior to 0.69.0 rattler-build versions prior to 0.65.0 py-rattler affected versions not specified Description The EntryPoint::FromStr function in rattler conda types only applies a .trim operation...

8.7CVSS6.1AI score0.00058EPSS
Exploits0References8
NVD
NVD
added 2026/05/26 5:16 p.m.16 views

CVE-2026-45728

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or template error respon...

7.5CVSS0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 4:38 p.m.40 views

CVE-2026-45728 Algernon: Single-file mode unconditionally enables debug mode

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or template error respon...

7.5CVSS0.00303EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 4:38 p.m.14 views

EUVD-2026-31868

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or template error respon...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 4:38 p.m.10 views

CVE-2026-45728 Algernon: Single-file mode unconditionally enables debug mode

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or template error respon...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 4:38 p.m.19 views

CVE-2026-45728

CVE-2026-45728 (Algernon) exposes server-side source on error when running in single-file mode. Prior to 1.17.7, invoking Algernon with a file path (not a dir) forces singleFileMode, which enables debugMode and renders PrettyError pages that reveal the absolute path and full contents of the error...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:38 p.m.9 views

CVE-2026-45728

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or template error respon...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/26 4:38 p.m.4 views

CVE-2026-45728 Algernon: Single-file mode unconditionally enables debug mode

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or template error respon...

7.5CVSS6AI score0.00303EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

algernon 安全漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.7 contained security vulnerabilities. These vulnerabilities stemmed from the forced activation of debugging mode in single-file mode, allowing the leakage of the file’s absolute path and complete byte...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/19 2:35 p.m.38 views

Algernon: Single-file mode unconditionally enables debug mode

Summary When Algernon is invoked with a single file path instead of a directory — the documented "quick demo" workflow algernon foo.lua, algernon page.po2, algernon index.html, algernon mywebsite.alg — singleFileMode is set to true and debugMode is forcibly enabled with no opt-out: go //...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/19 2:35 p.m.6 views

GHSA-FWQX-8365-9983 Algernon: Single-file mode unconditionally enables debug mode

Summary When Algernon is invoked with a single file path instead of a directory — the documented "quick demo" workflow algernon foo.lua, algernon page.po2, algernon index.html, algernon mywebsite.alg — singleFileMode is set to true and debugMode is forcibly enabled with no opt-out: go //...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.15 views

PT-2026-41970

Name of the Vulnerable Software and Affected Versions Algernon versions prior to 1.17.7 Description When Algernon is started with a single file path instead of a directory, the singleFileMode is enabled, which forcibly activates debugMode. This configuration enables the PrettyError renderer, whic...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/11 2:35 p.m.8 views

CVE-2026-7819

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 2:35 p.m.2 views

CVE-2026-7819 pgAdmin 4: Symbolic-link path traversal in File Manager allows arbitrary file write

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

7.2CVSS7.2AI score0.00359EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.13 views

PT-2026-39629

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions prior to 9.15 Description A symbolic-link path traversal issue exists in the pgAdmin 4 File Manager. The check access permission function utilized os.path.abspath, which resolves parent directory references '..' but fails to...

8.5CVSS7AI score0.00359EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2026/04/30 4:40 p.m.51 views

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

8.1CVSS5.5AI score0.00419EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-31611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: require 3 sub-authorities before reading subauth2 parsedacl compares each ACE SID against sidunixNFSmode and on match reads sid.subauth2 as the file mode...

8.6CVSS7.1AI score0.00366EPSS
Exploits0References2
CVE
CVE
added 2026/04/24 2:42 p.m.18 views

CVE-2026-31611

CVE-2026-31611 affects the Linux kernel's ksmbd path. The flaw occurs in parse_dacl() when comparing ACE SIDs to sid_unix_NFS_mode and subsequently reading sid.sub_auth[2] as the file mode. If the SID has only two sub-authorities, an ACE placed at the end of the ACL can cause sid.sub_auth[2] to r...

8.6CVSS5.4AI score0.00366EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder