7 matches found
CVE-2026-41579 runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join strin...
CVE-2026-54889
Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...
EEF-CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)
Summary Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':to\delta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':default\convert\node/3...
PT-2026-41765
Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Description When handling 'PUT /containers/id/archive' requests with compressed archives, the daemon decompresses them using external system binaries. Due to incorrect operation ordering, these binaries a...
NewStart CGSL MAIN 6.06 (SP) : cloud-init Multiple Vulnerabilities (NS-SA-2026-0026)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has cloud-init packages installed that are affected by multiple vulnerabilities: - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included sshdeletekeys: 0, disabling cloud-init's deletion of ssh host keys. In some...
libnbd 代码问题漏洞
libnbd is a library for editing NBD Network Block Device clients. A code issue vulnerability exists in libnbd that stems from the product's copy tool, nbdcopy, blindly treating the completion of an asynchronous command as a success without checking the resultant error parameter when performing a...
PT-2012-1203 · Document Foundation +4 · Libreoffice +5
Name of the Vulnerable Software and Affected Versions: LibreOffice versions prior to 3.5.3 OpenOffice.org versions 3.3, 3.4 Beta, and possibly earlier Description: The issue is related to errors in number processing in the vclmi.dll component of the OpenOffice.org module in LibreOffice...