1663 matches found
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the helm pull --untar chart URL | repo/chartname command. An attacker can cause files to be written to unintended directories, potentially overwriting existing files or placing malicious files in accessible...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the helm pull --untar chart URL | repo/chartname command. An attacker can cause files to be written to unintended directories, potentially overwriting existing files or placing malicious files in accessible...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the helm pull --untar chart URL | repo/chartname command. An attacker can cause files to be written to unintended directories, potentially overwriting existing files or placing malicious files in accessible...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the helm pull --untar chart URL | repo/chartname command. An attacker can cause files to be written to unintended directories, potentially overwriting existing files or placing malicious files in accessible...
CVE-2026-5973
A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function getmimetype of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was...
GHSA-G977-H85W-H2XJ MetaGPT has an Injection issue
A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function checksolution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. Th...
SUSE-SU-2026:21215-1 Security update for patterns-glibc-hwcaps
This update for patterns-glibc-hwcaps fixes the following issues: The pattern is moved from PackageHub to regular SLES. It requires packages for the x8664 v3 architecture and is automatically pulled in when this architecture is present. These packages are optimized for the x8664 v3 architecture t...
PT-2026-31787
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the safe extractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling...
Helm 路径遍历漏洞
Helm is a Kubernetes package manager offered by the CNCF Foundation. Versions of Helm prior to 3.20.1 and 4.1.3 had a path traversal vulnerability. This vulnerability stemmed from specially crafted Charts, which could cause the helm pull --untar command to write Chart contents to an output...
Linux Distros Unpatched Vulnerability : CVE-2026-33540
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull- through cache mode, distribution discovers token auth...
EUVD-2026-19933
A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stopcontainer/removecontainer/pullimage of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The attack is possible to be carried out...
CVE-2026-5741
A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stopcontainer/removecontainer/pullimage of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The attack is possible to be carried out...
CVE-2026-5741 suvarchal docker-mcp-server HTTP index.ts pull_image os command injection
A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stopcontainer/removecontainer/pullimage of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The attack is possible to be carried out...
CVE-2026-5741
A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stopcontainer/removecontainer/pullimage of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The attack is possible to be carried out...
CVE-2026-5741
CVE-2026-5741 affects suvarchal/docker-mcp-server up to version 0.1.0. The vulnerability is in src/index.ts functions stop_container, remove_container, and pull_image of the HTTP Interface component, enabling remote command injection. Public exploit exists and could be used for attacks; project h...
CVE-2026-39306
PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../...
CVE-2026-39306
Summary of CVE-2026-39306 (PraisonAI): The vulnerability is a path traversal / arbitrary file write in PriasonAI’s recipe registry pull flow. Before version 1.5.113, the system extracts uploaded tar bundles with tar.extractall() without validating archive member paths, allowing a malicious publis...
CVE-2026-39306
PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../...
PT-2026-31014
A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stop container/remove container/pull image of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The attack is possible to be carried...
Docker MCP Server 操作系统命令注入漏洞
Docker MCP Server is an MCP protocol server developed by Suvarchal Kumar Cheedela for Docker operations. Versions of Docker MCP Server prior to 0.1.0 have a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations on the functions...