Lucene search
K

11 matches found

OSV
OSV
added 2026/06/26 7:13 p.m.5 views

GHSA-F6M5-XW2G-XC4X Incus has an arbitrary file write on its client due to trusted image hash

Summary An arbitrary file write exists in the Incus client when a malicious image server returns a crafted Incus-Image-Hash header. This can lead to arbitrary command execution as root on the server. Details - cmd/incusd/images.go:611-684 handles source.type=url by HEADing the user-supplied URL,...

9.9CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-53016

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description An arbitrary file write exists in the Incus client that can lead to arbitrary command execution as root on the server. The issue occurs when the client processes a request with source.type=url...

9.9CVSS6.2AI score
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.10 views

CVE-2026-43986

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public /image/ route that resolves attacker-controlled entries from imagehashlookup and replays them through the same server-side image fetch logic used by authenticated image proxying...

9.9CVSS5.6AI score0.00262EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 2:33 p.m.37 views

CVE-2026-43986 Tautulli vulnerable to unauthenticated SSRF in /image/<hash> via attacker-seeded image hash replay

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public /image/ route that resolves attacker-controlled entries from imagehashlookup and replays them through the same server-side image fetch logic used by authenticated image proxying...

9.9CVSS0.00262EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 2:33 p.m.7 views

CVE-2026-43986

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public /image/ route that resolves attacker-controlled entries from imagehashlookup and replays them through the same server-side image fetch logic used by authenticated image proxying...

9.9CVSS5.9AI score0.00262EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 2:33 p.m.9 views

CVE-2026-43986 Tautulli vulnerable to unauthenticated SSRF in /image/<hash> via attacker-seeded image hash replay

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public /image/ route that resolves attacker-controlled entries from imagehashlookup and replays them through the same server-side image fetch logic used by authenticated image proxying...

9.9CVSS5.9AI score0.00262EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 2:33 p.m.14 views

EUVD-2026-34286

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public /image/ route that resolves attacker-controlled entries from imagehashlookup and replays them through the same server-side image fetch logic used by authenticated image proxying...

9.9CVSS5.9AI score0.00262EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 2:33 p.m.3 views

CVE-2026-43986 Tautulli vulnerable to unauthenticated SSRF in /image/<hash> via attacker-seeded image hash replay

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public /image/ route that resolves attacker-controlled entries from imagehashlookup and replays them through the same server-side image fetch logic used by authenticated image proxying...

9.9CVSS6AI score0.00262EPSS
Exploits0References4
CVE
CVE
added 2026/06/04 2:33 p.m.40 views

CVE-2026-43986

Tautulli (Python-based tool for Plex) prior to v2.17.1 exposes a public /image/ endpoint that uses image_hash_lookup to replay server-side image fetch logic. A low-privilege guest can seed a malicious external image URL and trigger SSRF via an unauthenticated endpoint, turning an authenticated SS...

9.9CVSS5.9AI score0.00262EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46259

Name of the Vulnerable Software and Affected Versions Tautulli versions prior to 2.17.1 Description Tautulli contains a Server-Side Request Forgery SSRF issue where a public endpoint '/image/' resolves entries from image hash lookup and processes them using the same server-side image fetch logic ...

9.9CVSS5.6AI score0.00262EPSS
Exploits0References4
Hacker One
Hacker One
added 2025/11/11 3:55 p.m.31 views

curl: Hash exposed in public repository

An image hash is publicly exposed on Github Steps to reproduce: See at https://github.com/curl/curl/blob/master/Dockerfile Solution: If you want to keep the hash, the repository should be private Use official tags without specific hashes or environment variables Best, @skymander Impact An attacke...

6.9AI score
Exploits0
Rows per page
Query Builder