Lucene search
K

114 matches found

Github Security Blog
Github Security Blog
added 2026/06/18 1:6 p.m.28 views

http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass

Summary http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request metadata. As a result, a crafted Host header that is only a superstring match for a configur...

8.6CVSS5.6AI score0.0034EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50734

Name of the Vulnerable Software and Affected Versions http-proxy-middleware versions 0.16.0 through 2.0.9 http-proxy-middleware versions 3.0.0 through 3.0.5 http-proxy-middleware versions 4.0.0 through 4.0.9 Description An issue exists in the router proxy-table implementation where host+path...

8.6CVSS5.9AI score0.0034EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/13 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-42306

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version...

7.2CVSS6.2AI score0.00104EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 7:16 p.m.6 views

DEBIAN-CVE-2026-42306

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...

7.2CVSS5.3AI score0.00104EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 7:16 p.m.20 views

CVE-2026-42306

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...

7.2CVSS0.00104EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 7:16 p.m.7 views

DEBIAN-CVE-2026-41568

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...

6.1CVSS5.3AI score0.00108EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 7:16 p.m.10 views

UBUNTU-CVE-2026-42306

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...

7.2CVSS5.3AI score0.00104EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 6:9 p.m.14 views

EUVD-2026-36528

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...

7.2CVSS5.2AI score0.00104EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 6:9 p.m.11 views

CVE-2026-42306 Moby: Race condition in docker cp allows bind mount redirection to host path

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...

7.2CVSS5.2AI score0.00104EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 6:9 p.m.74 views

CVE-2026-42306

CVE-2026-42306 affects Moby/Docker: a race condition during docker cp mount setup could redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service. Affected are Docker Engine prior to 29.5.1, Docker Daemon 28.5.2 and earlier, and Moby D...

7.2CVSS5.2AI score0.00104EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2026/06/12 6:9 p.m.28 views

CVE-2026-42306 Moby: Race condition in docker cp allows bind mount redirection to host path

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...

7.2CVSS0.00104EPSS
Exploits0References1
Amazon
Amazon
added 2026/06/08 12:0 a.m.20 views

Important: docker

Issue Overview: The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated client...

10CVSS5.6AI score0.00533EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-44002

A flaw was found in vm2 before 3.11.0. The CallSite wrapper blocks getThis and getFunction but returns unsanitized host absolute paths from getFileName, allowing sandboxed code to learn host directory layout, library paths, and framework versions. Fixed in 3.11.0...

5.8CVSS5.8AI score0.00241EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.12 views

CVE-2026-44850

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for...

8.5CVSS5.5AI score0.00206EPSS
Exploits1References1
F5 Networks
F5 Networks
added 2026/06/01 3:16 p.m.24 views

K000161495: Rancher Local Path Provisioner vulnerability CVE-2025-62878

Security Advisory Description A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. CVE-2025-62878 Impact There is no impact; F5 products...

9.9CVSS5.9AI score0.00581EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/05/30 2:12 a.m.11 views

CVE-2026-44543

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...

8.7CVSS5.8AI score0.00368EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:3 p.m.14 views

CVE-2026-44850

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for...

5.8AI score0.00206EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/05/28 5:16 p.m.14 views

CVE-2026-44543

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...

8.7CVSS0.00368EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 4:41 p.m.36 views

CVE-2026-44543 Local Path Provisioner: HelperPod Template Injection

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...

8.7CVSS0.00368EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 4:41 p.m.4 views

CVE-2026-44543 Local Path Provisioner: HelperPod Template Injection

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...

8.7CVSS6AI score0.00368EPSS
Exploits0References3
Rows per page
Query Builder