4 matches found
EUVD-2026-12997
Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...
EUVD-2025-24859
Malicious code in bioql PyPI...
CVE-2025-54867
Youki (Rust-based container runtime) before v0.5.5 is vulnerable: if /proc and /sys in the rootfs are symbolic links, an attacker with local access could potentially gain access to the host root filesystem. Root cause: improper handling of symbolic links in rootfs; impact: high (host filesystem a...
CVE-2025-54867 Youki Symlink Following Vulnerability
Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5...