Lucene search
+L

196 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-50135

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct...

6.9CVSS6.2AI score0.00275EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 10:15 p.m.51 views

CVE-2026-8023 Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenticated remote arbitrary file read

Zephyr's HTTP server subsys/net/lib/http provides a static-filesystem resource type HTTPRESOURCETYPESTATICFS, available when CONFIGFILESYSTEM is enabled that serves files from a configured root directory. Before this fix, both the HTTP/1 and HTTP/2 front-ends placed the raw, attacker-controlled...

7.5CVSS0.00912EPSS
Exploits1References2
CVE
CVE
added 2026/06/26 8:54 p.m.28 views

CVE-2026-53576

Kestra prior to versions 1.0.45 and 1.3.21 contained an authentication filter bypass on the REST API. Requests whose path ends in /configs were treated as the public instance-config endpoint and forwarded without credential checks, allowing anonymous access to resources such as /api/v1/{tenant}/f...

10CVSS5.8AI score0.00472EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2026/06/24 12:16 a.m.11 views

CVE-2026-7574

Anthropic Claude Desktop Cowork VM image handling confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0 validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at time-of-use. A local...

8.7CVSS0.00103EPSS
Exploits1References2
NVD
NVD
added 2026/06/22 6:16 p.m.17 views

CVE-2026-54286

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash %5C in the request path decodes to , which the Windows path resolver treats as a separator. serve-static then resolves a single URL segment such as...

5.9CVSS0.00292EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/19 5:45 p.m.8 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the os.ReadFile function during direct lookups via resources.Get. An attacker can access arbitrary files outside the intended directory by placing a symlink inside a mounted directory that points to files outside the...

6.5CVSS6AI score0.00318EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/17 1:24 p.m.4 views

util-linux: util-linux: heap use-after-free in libblkid nested partition probing

A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be...

6.8CVSS6AI score0.00112EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/16 8:12 p.m.14 views

Hugo: Symlink confinement bypass in resources.Get

Commit: f8b5fa09a6 — Fix prevention of direct symlink reads in resources.Get Affected versions: v0.123.0 through v0.161.1. Earlier versions are not affected. Fixed in: v0.162.0. Severity: Medium. Requires the attacker to be able to place or convince a site author to place a symlink inside a mount...

6.9CVSS5.6AI score0.00275EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.18 views

PT-2026-48510

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description Fission is an open-source, Kubernetes-native serverless framework used for deploying functions and applications on Kubernetes. In affected versions, builder pods are created with the...

4.9CVSS5.8AI score0.00255EPSS
Exploits0References9
OSV
OSV
added 2026/06/08 5:16 p.m.9 views

UBUNTU-CVE-2026-46303

In the Linux kernel, the following vulnerability has been resolved: isofs: validate Rock Ridge CE continuation extent against volume size rockcontinue reads rs-contextent verbatim from the Rock Ridge CE record and passes it to sbbread without checking that the block number is within the mounted I...

8.2CVSS5.5AI score0.00278EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/06/02 9:9 p.m.8 views

CVE-2026-8936

Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0...

8.2CVSS5.7AI score0.00115EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.19 views

PT-2026-45868

Name of the Vulnerable Software and Affected Versions Docker Desktop versions prior to 4.76.0 Description A VM panic occurs due to unbounded recursion within the grpcfuse kernel module. This happens when a container creates deeply nested directories on a bind-mounted host folder and triggers a...

8.2CVSS5.8AI score0.00115EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.15 views

PT-2026-44416

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.21 Description In the app.mount function, the mount prefix is stripped from the incoming request path using the raw URL pathname, whereas route matching is conducted against the percent-decoded path. This...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.21 views

PT-2026-44247

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description The issue exists in the isofs module where isofs fh to dentry and isofs fh to parent pass an attacker-controlled block numbe...

7.5CVSS5.9AI score0.00425EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:22 p.m.10 views

CVE-2026-47118

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS5.9AI score0.00375EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Added bounds checking in getmaxinlinexattrvaluesize. Normally, extended attributes within the inode body would be checked when the inode was first opened. However, if someone writes to the block device while the file system...

7.8CVSS6AI score0.00145EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of the unsharefs function in the unshare component when combined with CLONENEWN...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References1
CNVD
CNVD
added 2026/05/07 12:0 a.m.13 views

OpenClaw has an unspecified vulnerability (CNVD-2026-20009)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the failure of the OpenShell file system bridge to properly validate symbolic link exchanges when handling file system operations, which can be exploited by an...

8.3CVSS6AI score0.00208EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.13 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the failure of the OpenShell file system bridge to properly validate symbolic link exchanges when handling file system operations, which can be exploited by an...

8.3CVSS6AI score0.00208EPSS
Exploits0References1
CNVD
CNVD
added 2026/04/10 12:0 a.m.3 views

OpenClaw has an unspecified vulnerability (CNVD-2026-17185)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to redirect files outside of a container's mounted namespace using a contention condition...

6.3CVSS5.7AI score0.00078EPSS
Exploits0
Rows per page
Query Builder