14 matches found

RustSec
added 2026/05/21 12:0 p.m. | 14 views

WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-2r75-cxrj-cmph. For more information see the GitHub-hosted security advisory...

7.5 CVSS | 5.8 AI score | 0.005 EPSS
Exploits 0 | Affected Software 1
OSV
added 2026/05/16 12:0 p.m. | 5 views

RUSTSEC-2026-0148 OCI layer symlink escape → arbitrary host write

Affected versions of boxlite extract OCI image layer tarballs without fully containing path resolution to the extraction root. A crafted layer containing a symlink whose target is an absolute on-host path e.g. escape - /tmp followed by a file entry that resolves through that symlink e.g...

10 CVSS | 5.8 AI score | 0.00482 EPSS
Exploits 0 | References 6
RustSec
added 2026/05/16 12:0 p.m. | 12 views

OCI layer symlink escape → arbitrary host write

Affected versions of boxlite extract OCI image layer tarballs without fully containing path resolution to the extraction root. A crafted layer containing a symlink whose target is an absolute on-host path e.g. escape - /tmp followed by a file entry that resolves through that symlink e.g...

9.6 CVSS | 5.8 AI score | 0.00482 EPSS
Exploits 0 | Affected Software 1
EUVD
added 2026/03/06 9:31 a.m. | 5 views

EUVD-2026-10026

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

5.1 CVSS | 5.8 AI score | 0.00255 EPSS
Exploits 0 | References 2
RedhatCVE
added 2026/03/06 9:16 a.m. | 5 views

CVE-2026-23925

A flaw was found in Zabbix. An authenticated user with the 'User' role, who also possesses write permissions for templates or hosts, can exploit the configuration.import API. This allows them to create unauthorized objects, such as hosts, which can lead to a loss of confidentiality within the...

7.6 CVSS | 5.8 AI score | 0.00255 EPSS
Exploits 0 | References 4
NVD
added 2026/03/06 9:15 a.m. | 8 views

CVE-2026-23925

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

8.1 CVSS | 0.00255 EPSS
Exploits 0 | References 1
UbuntuCve
added 2026/03/06 9:15 a.m. | 2 views

CVE-2026-23925

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

5.1 CVSS | 5.9 AI score | 0.00255 EPSS
Exploits 0 | References 2
OSV
added 2026/03/06 9:15 a.m. | 3 views

UBUNTU-CVE-2026-23925

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

8.1 CVSS | 5.8 AI score | 0.00255 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2026/03/06 8:24 a.m. | 4 views

CVE-2026-23925

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

5.1 CVSS | 5.8 AI score | 0.00255 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2026/03/06 8:24 a.m. | 28 views

CVE-2026-23925 Unauthorized host creation via configuration.import API by low-privilege user with write permissions

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

5.1 CVSS | 0.00255 EPSS
Exploits 0 | References 1
Debian CVE
added 2026/03/06 8:24 a.m. | 7 views

CVE-2026-23925

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

8.1 CVSS | 5.3 AI score | 0.00255 EPSS
Exploits 0
CNNVD
added 2026/03/06 12:0 a.m. | 4 views

Zabbix security vulnerability

Zabbix is a set of open-source monitoring systems developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has security vulnerabilities; these vulnerabilities stem from authenticated users with template/host write...

5.1 CVSS | 5.8 AI score | 0.00255 EPSS
Exploits 0 | References 1
OSV
added 2026/01/22 10:16 p.m. | 2 views

UBUNTU-CVE-2026-23954

Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g. a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...

8.7 CVSS | 7.5 AI score | 0.00731 EPSS
Exploits 1 | References 7
CNNVD
added 2023/03/29 12:0 a.m. | 2 views

runc security vulnerability

runc is a CLI (Command Line Interface) tool for generating and running containers according to the OCI specification. A security vulnerability exists in runc versions prior to 1.1.5, which stems from the fact that runc does not specify the namespace to be unshared when executing within the user...

6.3 CVSS | 7.4 AI score | 0.00327 EPSS
Exploits 1 | References 8