Lucene search
K

11 matches found

Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.6 views

PT-2026-20656

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A flaw in the Navigation feature in Google Chrome before version 147.0.7727.55 could allow a remote attacker who has compromised the renderer process to leak cross-origin data through a...

9.8CVSS5.9AI score0.00608EPSS
Exploits0References68
OSV
OSV
added 2026/02/17 6:9 p.m.3 views

GO-2026-4494 lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access in github.com/treeverse/lakefs

lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access in github.com/treeverse/lakefs...

8.1CVSS5.5AI score0.0039EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/14 7:22 p.m.9 views

CVE-2026-26187

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...

8.1CVSS5.5AI score0.0039EPSS
Exploits0References1
NVD
NVD
added 2026/02/13 7:17 p.m.5 views

CVE-2026-26187

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...

8.1CVSS0.0039EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/13 6:34 p.m.9 views

EUVD-2026-5918

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...

8.1CVSS5.5AI score0.0039EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/13 6:34 p.m.2 views

CVE-2026-26187 lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...

8.1CVSS5.5AI score0.0039EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/13 6:34 p.m.24 views

CVE-2026-26187 lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...

8.1CVSS0.0039EPSS
Exploits0References3
CVE
CVE
added 2026/02/13 6:34 p.m.25 views

CVE-2026-26187

CVE-2026-26187 affects lakeFS before v1.77.0, where the local block adapter (pkg/block/local/adapter.go) allows authenticated users to read/write files outside the configured storage. The verifyRelPath check used strings.HasPrefix without requiring a separator, enabling path traversal to sibling ...

8.1CVSS5.5AI score0.0039EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/13 4:16 p.m.10 views

lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access

Summary Two path traversal vulnerabilities in the local block adapter allow authenticated users to read and write files outside their designated storage boundaries. Details The local block adapter in pkg/block/local/adapter.go had two path traversal vulnerabilities: 1. Prefix Bypass Vulnerability...

8.1CVSS5.5AI score0.0039EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/13 4:16 p.m.6 views

GHSA-699M-4V95-RMPM lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access

Summary Two path traversal vulnerabilities in the local block adapter allow authenticated users to read and write files outside their designated storage boundaries. Details The local block adapter in pkg/block/local/adapter.go had two path traversal vulnerabilities: 1. Prefix Bypass Vulnerability...

8.1CVSS5.5AI score0.0039EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/13 12:0 a.m.8 views

lakeFS 路径遍历漏洞

LakeFS is an open-source tool developed by Treeverse, capable of converting your object storage into a repository similar to Git. Versions of LakeFS prior to 1.77.0 contained a path traversal vulnerability. This vulnerability stemmed from insufficient path validation in the local block adapter,...

8.1CVSS5.8AI score0.0039EPSS
Exploits0References3
Rows per page
Query Builder