Lucene search
+L

2686 matches found

EUVD
EUVD
added 2026/03/19 10:6 p.m.11 views

EUVD-2026-13265

OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental applypatch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can...

7.6CVSS5.9AI score0.00364EPSS
Exploits0References3
NVD
NVD
added 2026/03/13 7:53 p.m.6 views

CVE-2025-8766

A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

6.4CVSS0.00165EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.6 views

SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2026:0759-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0759-1 advisory. - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization...

7CVSS6.2AI score0.00682EPSS
Exploits2References7
SUSE Linux
SUSE Linux
added 2026/03/03 12:16 p.m.3 views

Security update for busybox

This update for busybox fixes the following issues: CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167. Patch...

7.1CVSS6.3AI score0.00682EPSS
Exploits2References8
OSV
OSV
added 2026/03/03 12:16 p.m.4 views

SUSE-SU-2026:0758-1 Security update for busybox

This update for busybox fixes the following issues: - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. - CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167...

7CVSS6.3AI score0.00682EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2026/02/26 10:35 p.m.8 views

CVE-2026-20037

A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary privileges are given to the...

4.4CVSS5.5AI score0.00095EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/25 6:31 p.m.8 views

EUVD-2026-8667

A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary privileges are given to the...

4.4CVSS5.5AI score0.00095EPSS
Exploits0References2
NVD
NVD
added 2026/02/25 5:25 p.m.21 views

CVE-2026-20037

A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary privileges are given to the...

4.4CVSS0.00095EPSS
Exploits0References1
Cisco
Cisco
added 2026/02/25 4:0 p.m.11 views

Cisco UCS Manager Software Privilege Escalation Vulnerability

A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary privileges are given to the...

4.4CVSS5.5AI score0.00095EPSS
Exploits0References1
NVD
NVD
added 2026/02/25 1:16 p.m.8 views

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

9.1CVSS0.00332EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.11 views

Cisco UCS Manager Software 安全漏洞

Cisco UCS Manager Software is a device management software developed by the American company Cisco. There is a security vulnerability in Cisco UCS Manager Software. This vulnerability stems from the unnecessary permissions assigned at the NX-OS CLI permission level, which may allow attackers with...

4.4CVSS5.8AI score0.00095EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/02/16 12:0 a.m.155 views

📄 PivotX 3.0.0 RC 3 Command Injection

PivotX content management system versions up to and including 3.0.0-rc3 contain an authenticated remote code execution vulnerability that allows administrative users to modify PHP files directly through the web interface, leading to complete system compromise...

5.4CVSS6.5AI score0.03835EPSS
Exploits6
Cvelist
Cvelist
added 2026/02/11 8:27 p.m.29 views

CVE-2026-26158 Busybox: busybox: arbitrary file modification and privilege escalation via unvalidated tar archive entries

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...

7CVSS0.0016EPSS
Exploits0References4
CVE
CVE
added 2026/02/11 8:27 p.m.32 views

CVE-2026-26158

CVE-2026-26158 concerns a flaw in BusyBox where a crafted tar archive with unvalidated hardlink or symlink entries can cause extraction outside the intended directory. The underlying issue is the presence of unvalidated hardlink/symlink paths in tar archives, enabling a attacker to exploit extrac...

7CVSS5.5AI score0.0016EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/11 8:27 p.m.3 views

CVE-2026-26158 Busybox: busybox: arbitrary file modification and privilege escalation via unvalidated tar archive entries

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...

7CVSS5.5AI score0.0016EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/11 1:16 p.m.4 views

CVE-2026-25656

A vulnerability has been identified in SINEC NMS All versions V4.0 SP3, User Management Component UMC All versions V2.15.2.1. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially...

8.5CVSS7.6AI score0.00238EPSS
Exploits0References1
CVE
CVE
added 2026/02/10 9:58 a.m.21 views

CVE-2026-25656

CVE-2026-25656 affects SINEC NMS User Management Component (UMC) across all versions and all SINEC NMS deployments where UMC is

8.5CVSS7.6AI score0.00238EPSS
Exploits0References1Affected Software2
Snyk
Snyk
added 2026/02/04 6:52 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied path components in file operation handlers. An attacker can gain unauthorized access to, modify, or delete files belonging to other users by injecting traversal sequences into...

9.9CVSS6.4AI score0.00721EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/04 6:52 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied path components in file operation handlers. An attacker can gain unauthorized access to, modify, or delete files belonging to other users by injecting traversal sequences into...

9.9CVSS6.4AI score0.00721EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/04 6:52 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied path components in file operation handlers. An attacker can gain unauthorized access to, modify, or delete files belonging to other users by injecting traversal sequences into...

9.9CVSS6.4AI score0.00721EPSS
Exploits1References2
Rows per page
Query Builder