Lucene search
+L

997 matches found

NVD
NVD
added 2026/07/10 3:16 a.m.7 views

CVE-2026-15319

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

7.5CVSS0.00323EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/10 1:45 a.m.7 views

EUVD-2026-42775

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

7.5CVSS6.4AI score0.00323EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/10 1:45 a.m.36 views

CVE-2026-15319 Sipeed PicoClaw Launcher access_control.go IPAllowlist access control

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

7.5CVSS0.00323EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/09 10:16 p.m.12 views

Malicious code in proxy-check-i (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2da390c130eb840eb129a5d43faf0a64a0f0f602070243613aa0e2f8ea8f6d04 The package advertises itself as a wrapper for a 'qsshd executable' but the bundled Go binary is a reverse-SSH daemon that grants a remote operator...

6.3AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.5 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : mailcap vulnerability (USN-8518-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8518-1 advisory. Aaron Rainbolt discovered that the cautious-launcher utility in the mailcap package did not properly restrict the execution of...

8.8CVSS6.5AI score0.0012EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/07/08 5:15 p.m.5 views

USN-8518-1: mailcap vulnerability

Aaron Rainbolt discovered that the cautious-launcher utility in the mailcap package did not properly restrict the execution of certain file types. An attacker could use this issue to escape a sandboxed application and execute arbitrary code on the host operating system...

8.8CVSS6.5AI score0.0012EPSS
Exploits0
OSV
OSV
added 2026/07/08 5:15 p.m.3 views

USN-8518-1 mailcap vulnerability

Aaron Rainbolt discovered that the cautious-launcher utility in the mailcap package did not properly restrict the execution of certain file types. An attacker could use this issue to escape a sandboxed application and execute arbitrary code on the host operating system...

8.8CVSS6.5AI score0.0012EPSS
Exploits0References2
OSV
OSV
added 2026/07/07 12:0 a.m.2 views

OPENSUSE-SU-2026:11200-1 heroic-games-launcher-2.22.0-4.1 on GA media

These are all security issues fixed in the heroic-games-launcher-2.22.0-4.1 package on the GA media of openSUSE Tumbleweed...

8.6CVSS6.1AI score0.00346EPSS
Exploits1References3
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-363 Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass

Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 root. This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNELUID or KERNELGID value. The feature...

9.8CVSS6.2AI score0.00106EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 12:0 a.m.2 views

OPENSUSE-SU-2026:11145-1 heroic-games-launcher-2.22.0-3.1 on GA media

These are all security issues fixed in the heroic-games-launcher-2.22.0-3.1 package on the GA media of openSUSE Tumbleweed...

8.7CVSS5.8AI score0.00782EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/26 4:0 p.m.42 views

CVE-2026-13434 Virt-controller-rhel9: kubevirt: kubevirt: multus default-network annotation injection via unvalidated tenant networkname when externalnetresourceinjection is enabled

A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or...

4.9CVSS0.00155EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 11:23 p.m.10 views

CVE-2026-13218

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...

4.2CVSS5.9AI score0.00107EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 12:0 a.m.3 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following through the WriteToCachedFile function when handling network cache files in certain configurations. An attacker can overwrite specific host files and change their ownership by planting a symbolic lin...

4.2CVSS6.1AI score0.00107EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 9:16 p.m.8 views

CVE-2026-13208

A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity namespace/name solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI...

6.5CVSS0.0009EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 9:16 p.m.10 views

CVE-2026-13201

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...

7.3CVSS0.00122EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:39 p.m.5 views

CVE-2026-13201

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...

7.3CVSS6AI score0.00122EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 8:39 p.m.6 views

EUVD-2026-39086

A flaw was found in KubeVirt's safepath package. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream helpers operate via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel dereferences it, defeating the...

5.2CVSS5.8AI score0.00122EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/24 8:39 p.m.8 views

CVE-2026-13201 Kubevirt: virt-handler-rhel9: kubevirt: safepath symlink following in virt-handler enables notify socket hijacking and node-level vm disruption

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...

7.3CVSS6AI score0.00122EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/24 8:38 p.m.10 views

CVE-2026-13201

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...

7.3CVSS6AI score0.00122EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 6:17 p.m.11 views

CVE-2026-48731

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable01 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expand...

7.8CVSS0.00496EPSS
Exploits0References2
Rows per page
Query Builder