Lucene search
K

23312 matches found

EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41423

JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux. Attackers can request the...

7.7CVSS5.9AI score0.00266EPSS
Exploits0References4
NVD
NVD
added 6 days ago7 views

CVE-2026-53422

Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...

4.3CVSS0.00333EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 6 days ago10 views

CVE-2026-53422 SFTP REALPATH path-existence oracle allowing filesystem enumeration outside configured root

Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...

2.3CVSS5.8AI score0.00333EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 6 days ago9 views

CVE-2026-44740

A flaw was found in Billy, an interface filesystem abstraction for Go. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing crafted or malformed input. The issue arises from insufficient validation and missing safety mechanisms when processing untrusted...

7.5CVSS6AI score0.00295EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added last week5 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS6.7AI score0.00292EPSS
Exploits0References8
OSV
OSV
added last week7 views

USN-8493-1 linux, linux-aws, linux-aws-5.15, linux-aws-fips, linux-azure, linux-azure-5.15, linux-azure-fde-5.15, linux-fips, linux-gcp, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iot-realtime, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-realtime vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - Cryptographic API; - InfiniBand drivers; - IOMMU subsystem; - Network drivers; -...

9.8CVSS6.3AI score0.09796EPSS
Exploits4References65
NVD
NVD
added last week8 views

CVE-2026-6684

FatFs prior to R0.16 that use GPT scanning with 'FFLBA64 = 1' contains an issue where an unbounded loop count derived from GPT header field GPTHPtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 Loop with Unreachable Exit Condition. Estimated CVSS v3.1...

4.6CVSS0.00205EPSS
Exploits2References4
EUVD
EUVD
added last week6 views

EUVD-2026-40997

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS6.2AI score0.00568EPSS
Exploits0References3
EUVD
EUVD
added last week6 views

EUVD-2026-40994

FatFs prior to R0.16 that use GPT scanning with 'FFLBA64 = 1' contains an issue where an unbounded loop count derived from GPT header field GPTHPtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 Loop with Unreachable Exit Condition. Estimated CVSS v3.1...

4.6CVSS5.8AI score0.00205EPSS
Exploits2References4
EUVD
EUVD
added last week7 views

EUVD-2026-40992

In FatFS R0.16 and earlier contains a FAT32 integer overflow bug in mountvolume where fasize = fs-nfats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. This maps to CWE-190 Integer Overflow or Wraparound. Estimated CVSS v3.1 vector:...

7.6CVSS5.9AI score0.0021EPSS
Exploits2References4
Cvelist
Cvelist
added 2026/07/01 12:2 a.m.36 views

CVE-2026-41579 runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join strin...

3.3CVSS0.00222EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/07/01 12:2 a.m.9 views

CVE-2026-41579

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join strin...

3.3CVSS5.9AI score0.00222EPSS
Exploits0
CVE
CVE
added 2026/06/30 10:39 p.m.18 views

CVE-2026-14052

CVE-2026-14052 describes insufficient policy enforcement in Google Chrome’s FileSystem, before version 150.0.7871.47, allowing a remote attacker to bypass discretionary access control via a crafted HTML page. Root cause is improper FileSystem permission enforcement. Impact per the documents is a ...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/30 10:39 p.m.5 views

CVE-2026-14052

Insufficient policy enforcement in FileSystem in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00221EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.24 views

CVE-2026-14052

Insufficient policy enforcement in FileSystem in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

0.00221EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 5:16 p.m.11 views

CVE-2026-58168

DeepTutor before version 1.4.10 contains an authorization bypass vulnerability that allows low-privilege users to invoke unrestricted MCP tools due to the allowedmcptools function returning None instead of a denied result when mcptools is omitted from a user's grant in...

8.8CVSS0.00412EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 3:55 p.m.13 views

CVE-2026-58173

Vibe-Trading prior to 0.1.10 is affected by a path traversal vulnerability in which the memory_type value, supplied via the remember tool to the persistent memory store, enables writing files outside the intended memory root. This can allow an attacker to create arbitrary Markdown files at uninte...

6.5CVSS5.9AI score0.00307EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/30 3:52 p.m.7 views

EUVD-2026-40375

DeepTutor before version 1.4.10 contains an authorization bypass vulnerability that allows low-privilege users to invoke unrestricted MCP tools due to the allowedmcptools function returning None instead of a denied result when mcptools is omitted from a user's grant in...

8.8CVSS5.8AI score0.00412EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.4 views

PT-2026-54327

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the FileSystem component allows a remote attacker to bypass discretionary access control, which is a security mechanism that restricts access to objec...

9.6CVSS6AI score0.00413EPSS
Exploits0References437
NVD
NVD
added 2026/06/29 11:16 p.m.10 views

CVE-2026-8023

Zephyr's HTTP server subsys/net/lib/http provides a static-filesystem resource type HTTPRESOURCETYPESTATICFS, available when CONFIGFILESYSTEM is enabled that serves files from a configured root directory. Before this fix, both the HTTP/1 and HTTP/2 front-ends placed the raw, attacker-controlled...

7.5CVSS0.00912EPSS
Exploits1References2
Rows per page
Query Builder