Lucene search
K

56 matches found

EUVD
EUVD
added 2026/07/06 8:15 p.m.8 views

EUVD-2026-24981

rm: --preserve-root bypassed via a symlink to / string check instead of dev/inode...

7.7CVSS5.9AI score0.00184EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/06 5:41 p.m.12 views

EUVD-2026-24963

chmod: --preserve-root bypassed by any path that resolves to root e.g. /../...

7.3CVSS5.9AI score0.00175EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/07/02 4:6 p.m.13 views

CVE-2026-53422 SFTP REALPATH path-existence oracle allowing filesystem enumeration outside configured root

Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...

2.3CVSS5.8AI score0.00262EPSS
Exploits0References7
OSV
OSV
added 2026/07/01 6:16 p.m.3 views

DEBIAN-CVE-2026-46680

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...

7.8CVSS5.7AI score0.00221EPSS
Exploits1References1
OSV
OSV
added 2026/07/01 6:16 p.m.4 views

UBUNTU-CVE-2026-46680

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...

7.8CVSS5.7AI score0.00221EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 p.m.11 views

CVE-2026-49738

The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...

2.1CVSS5.4AI score0.00356EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 6:11 p.m.14 views

GHSA-P462-PRXW-MJX4 NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)

Summary The Binary Stream Capture BSC component exposes an unauthenticated HTTP API for dynamically creating packet capture “handlers.” Because the code blindly trusts path‑related form fields, a remote client can: - Bypass the configured log root and direct BSC to log to arbitrary filesystem...

9.1CVSS6AI score0.00163EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-47089

Name of the Vulnerable Software and Affected Versions AIT-Core versions prior to 3.1.1 AIT-Core versions 2.x prior to 2.6.1 Description The Binary Stream Capture BSC component features an unauthenticated HTTP API for creating packet capture handlers. The system blindly trusts path-related form...

9.1CVSS6AI score0.00163EPSS
Exploits0References9
Snyk
Snyk
added 2026/05/21 9:40 p.m.10 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via improper handling of numeric User directives in container configuration. An attacker can gain elevated privileges by supplying a crafted image with an /etc/passwd file that...

7.8CVSS5.7AI score0.00221EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/19 2:36 p.m.15 views

Algernon: handler.lua discovery walks parent directories above the server root

Summary When Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named handler.lua to execute as the request handler. The loop terminates only after 100 ancest...

9CVSS6.5AI score0.00437EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/19 2:36 p.m.10 views

GHSA-XWCR-WM99-G9JC Algernon: handler.lua discovery walks parent directories above the server root

Summary When Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named handler.lua to execute as the request handler. The loop terminates only after 100 ancest...

9CVSS6.5AI score0.00437EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 5:19 p.m.35 views

CVE-2026-43998 vm2: NodeVM require.root bypass via symlink traversal allows sandbox escape

vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve which does not...

8.5CVSS0.00722EPSS
Exploits1References1
OSV
OSV
added 2026/05/13 5:19 p.m.4 views

CVE-2026-43998 vm2: NodeVM require.root bypass via symlink traversal allows sandbox escape

vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve which does not...

8.5CVSS7.6AI score0.00722EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/05/07 4:33 a.m.12 views

vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape

Summary NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve which does not dereference symlinks but module loading uses Node's...

8.5CVSS6.4AI score0.00722EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/07 4:33 a.m.8 views

GHSA-CP6G-6699-WX9C vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape

Summary NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve which does not dereference symlinks but module loading uses Node's...

8.5CVSS6.4AI score0.00722EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/24 8:16 p.m.8 views

CVE-2026-35338

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...

7.3CVSS5.5AI score0.00175EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/24 7:16 p.m.6 views

CVE-2026-35349

A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a...

7.7CVSS5.4AI score0.00184EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.10 views

Duplicate Advisory: uutils coreutils has a Link Following Issue Via rm Utility

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7cr3-h577-g38j. This link is maintained to preserve external references. Original Description A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The...

7.7CVSS5.9AI score0.00184EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/22 6:31 p.m.13 views

GHSA-V762-X3CF-5MFG Duplicate Advisory: uutils coreutils has a Link Following Issue Via rm Utility

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7cr3-h577-g38j. This link is maintained to preserve external references. Original Description A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The...

6.7CVSS5.9AI score0.00184EPSS
Exploits0References5
OSV
OSV
added 2026/04/22 6:31 p.m.8 views

GHSA-9GQX-53GP-C8G3 Duplicate Advisory: uutils coreutils allows users to bypass the --preserve-root safety mechanism

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4c7q-4928-8445. This link is maintained to preserve external references. Original Description A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism...

7.3CVSS6AI score0.00175EPSS
Exploits0References5
Rows per page
Query Builder