Lucene search
K

1095 matches found

Snyk
Snyk
added 2026/06/19 7:35 p.m.7 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

9.4CVSS6.2AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

9.4CVSS6.2AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

9.4CVSS6.2AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.9 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

9.4CVSS6.2AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.7 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

9.4CVSS6.2AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

9.4CVSS6.2AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.9 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview github.com/containerd/containerd/pkg/cri/server is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer an...

9.4CVSS6.3AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

9.4CVSS6.2AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

9.4CVSS6.2AI score0.00203EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.10 views

containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull

Impact A bug was found in containerd where the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. Patch...

9.4CVSS6AI score0.00203EPSS
Exploits0References2Affected Software2
Snyk
Snyk
added 2026/06/19 7:35 p.m.7 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the CRI checkpoint import. An attacker can cause arbitrary code execution by crafting a checkpoint image that forces the system to pull a malicious image and assign it an arbitrary local...

9.9CVSS6.5AI score0.00354EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 6:32 p.m.9 views

EUVD-2026-38063

The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers ...

5.3CVSS6AI score0.00205EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 6:17 a.m.15 views

CVE-2026-1856

The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00193EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 4:31 a.m.13 views

EUVD-2026-37980

The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.7 views

CVE-2026-1856

The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00193EPSS
Exploits0References5
CVE
CVE
added 2026/06/19 4:31 a.m.23 views

CVE-2026-1856

Summary: CVE-2026-1856 affects the WordPress plugin “Appointment Booking Calendar” (Creavi Booking Service)

6.4CVSS5.5AI score0.00193EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51004

Name of the Vulnerable Software and Affected Versions WP Go Maps versions prior to 10.1.02 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Unauthenticated attackers can create arbitrary records in plugin...

5.3CVSS6AI score0.00205EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51056

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.3.2 containerd versions prior to 2.2.5 containerd versions prior to 2.1.9 containerd versions prior to 2.0.10 containerd versions prior to 1.7.33 Description A bug in the CRI plugin allows the propagation of labe...

9.4CVSS6.2AI score0.00208EPSS
Exploits0References66
Cvelist
Cvelist
added 2026/06/18 7:29 p.m.23 views

CVE-2026-56099 OpenBSD mpls_do_error Kernel Stack Memory Disclosure via MPLS Input

OpenBSD before commit 6a23123 2026-06-18 contains an out-of-bounds read vulnerability in the mplsdoerror function within sys/netmpls/mplsinput.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set...

6.9CVSS0.00423EPSS
Exploits2References3
CVE
CVE
added 2026/06/18 7:29 p.m.27 views

CVE-2026-56099

OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read in sys/netmpls/mpls_input.c:mpls_do_error, allowing remote disclosure of kernel stack memory by crafting MPLS frames with 16 labels and no Bottom-of-Stack bit. Affected component is the MPLS input handling path; root cause ...

6.9CVSS5.3AI score0.00423EPSS
Exploits2References5Affected Software1
Rows per page
Query Builder