2686 matches found
EUVD-2026-13265
OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental applypatch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can...
CVE-2025-8766
A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...
SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2026:0759-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0759-1 advisory. - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization...
Security update for busybox
This update for busybox fixes the following issues: CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167. Patch...
SUSE-SU-2026:0758-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. - CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167...
CVE-2026-20037
A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary privileges are given to the...
EUVD-2026-8667
A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary privileges are given to the...
CVE-2026-20037
A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary privileges are given to the...
Cisco UCS Manager Software Privilege Escalation Vulnerability
A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary privileges are given to the...
CVE-2026-0704
In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...
Cisco UCS Manager Software 安全漏洞
Cisco UCS Manager Software is a device management software developed by the American company Cisco. There is a security vulnerability in Cisco UCS Manager Software. This vulnerability stems from the unnecessary permissions assigned at the NX-OS CLI permission level, which may allow attackers with...
📄 PivotX 3.0.0 RC 3 Command Injection
PivotX content management system versions up to and including 3.0.0-rc3 contain an authenticated remote code execution vulnerability that allows administrative users to modify PHP files directly through the web interface, leading to complete system compromise...
CVE-2026-26158 Busybox: busybox: arbitrary file modification and privilege escalation via unvalidated tar archive entries
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...
CVE-2026-26158
CVE-2026-26158 concerns a flaw in BusyBox where a crafted tar archive with unvalidated hardlink or symlink entries can cause extraction outside the intended directory. The underlying issue is the presence of unvalidated hardlink/symlink paths in tar archives, enabling a attacker to exploit extrac...
CVE-2026-26158 Busybox: busybox: arbitrary file modification and privilege escalation via unvalidated tar archive entries
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...
CVE-2026-25656
A vulnerability has been identified in SINEC NMS All versions V4.0 SP3, User Management Component UMC All versions V2.15.2.1. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially...
CVE-2026-25656
CVE-2026-25656 affects SINEC NMS User Management Component (UMC) across all versions and all SINEC NMS deployments where UMC is
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied path components in file operation handlers. An attacker can gain unauthorized access to, modify, or delete files belonging to other users by injecting traversal sequences into...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied path components in file operation handlers. An attacker can gain unauthorized access to, modify, or delete files belonging to other users by injecting traversal sequences into...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied path components in file operation handlers. An attacker can gain unauthorized access to, modify, or delete files belonging to other users by injecting traversal sequences into...