Lucene search
K

111 matches found

CVE
CVE
added 6 days ago8 views

CVE-2026-58192

CVE-2026-58192 affects Appium’s storage-plugin: prior to 1.1.6, POST /storage/delete passes user-supplied name into path.join(storageRoot, name) and fs.rimraf() without sanitization, enabling an unauthenticated remote attacker to escape the storage root via ../ and delete arbitrary writable files...

8.6CVSS6.1AI score0.00345EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-39822 Root escape via symlink plus trailing slash in os

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open"symlink/"' will open "symlink" even when "symlink" is a symbolic link pointing...

0.00181EPSS
Exploits0References4
CVE
CVE
added 6 days ago14 views

CVE-2026-39822

CVE-2026-39822 describes a root-escape vulnerability in Unix environments involving os.Root: when opening a path whose final component is a symbolic link and the path ends with a slash, the implementation may follow the symlink to locations outside the designated root. Example: root.Open("symlink...

7.8CVSS6AI score0.00181EPSS
Exploits0References4Affected Software1
The Hacker News
The Hacker News
added 2026/07/02 3:24 p.m.8 views

ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories

This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one big break. It is small permissions, weak check...

7.8CVSS7.8AI score0.06749EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.14 views

PT-2026-54771

Name of the Vulnerable Software and Affected Versions Gradio versions prior to 6.16.0 Description A path traversal issue exists in the preprocess function of the FileExplorer component. Unauthenticated attackers can escape the configured root directory by providing path segments that include...

8.7CVSS6.1AI score0.0069EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/28 1:32 a.m.9 views

CVE-2026-58053

Gitea actrunner with the Docker backend through act 0.262.0 passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-op...

9.9CVSS5.8AI score0.00265EPSS
Exploits0References2
CVE
CVE
added 2026/06/28 1:32 a.m.59 views

CVE-2026-58053

Gitea act_runner (Docker backend) up to act 0.262.0 is vulnerable: the workflow.container.options are merged into the Docker job container HostConfig, and if privileged is set to false, only the Privileged flag is disabled while options such as --pid=host, --cap-add, and --security-opt remain. A ...

9.9CVSS5.8AI score0.00265EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, the path check for Rack::Directory used a string prefix match on the expanded path. A request like /../rootexample/ could escape the configured root if the target path started with the root string, allowing...

7.5CVSS6.6AI score0.00665EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.27 views

PT-2026-50147

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.12 Description When running in BYONM mode nodeModulesDir: "manual", the module resolver fails to validate that a package's resolved entrypoint remains within its node modules// directory. A malicious package.json...

5.5CVSS6AI score0.00135EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.16 views

EulerOS 2.0 SP13 : golang (EulerOS-SA-2026-2291)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.CVE-2026-25679 Actions which insert URLs into the...

9.8CVSS7.8AI score0.00728EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40876

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, which breaks the intended jail boundary and can...

8.8CVSS5.5AI score0.00439EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 7:1 p.m.9 views

CVE-2026-11414

A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the...

10CVSS5.6AI score0.00478EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 1:41 p.m.11 views

EUVD-2026-33928

Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers gleamfiles, nativefiles, privatefiles in compiler-cli/src/fs.rs use followlinkstrue when walking publishable directories...

5.1CVSS5.9AI score0.00132EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 1:41 p.m.12 views

EEF-CVE-2026-42795 Symlink Following in Hex Package Export Allows Embedding Files Outside Project Root

Summary Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers gleamfiles, nativefiles, privatefiles in compiler-cli/src/fs.rs use followlinkstrue when walking publishable...

5.1CVSS5.9AI score0.00132EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/27 10:50 p.m.16 views

Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs

Summary In the runtime-rs standalone virtio-fs path, verified here with QEMU and verified with Cloud Hypervisor too, Kata Containers runs host virtiofsd as root with: --sandbox none --seccomp none If an attacker has root-equivalent execution inside the Kata guest VM, they can send raw FUSE reques...

6AI score0.00067EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/27 10:50 p.m.21 views

GHSA-2GV2-CFFP-J227 Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs

Summary In the runtime-rs standalone virtio-fs path, verified here with QEMU and verified with Cloud Hypervisor too, Kata Containers runs host virtiofsd as root with: --sandbox none --seccomp none If an attacker has root-equivalent execution inside the Kata guest VM, they can send raw FUSE reques...

9.3CVSS6AI score0.00067EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-43566

Name of the Vulnerable Software and Affected Versions BOSH Director versions prior to v282.1.12 Description When the director sends a long-running request, such as compile package, the agent's reply JSON is processed by AgentClient. The functions inject compile log and format exception read the...

5.8CVSS5.5AI score0.00099EPSS
Exploits0References3
Amazon
Amazon
added 2026/05/26 12:0 a.m.24 views

Important: golang-github-cpuguy83-md2man

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out...

7.5CVSS7.1AI score0.01945EPSS
Exploits3
Github Security Blog
Github Security Blog
added 2026/05/19 3:38 p.m.11 views

zrok copy writes attacker-controlled WebDAV paths outside the destination root

Summary Alice runs zrok2 copy from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV href such as /../outside.txt. The sync pipeline stores that path in the source inventory and passes it to FilesystemTarget.WriteStream, which joins it with the target root...

5.8AI score0.00061EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2026/05/19 3:38 p.m.10 views

GHSA-C656-JCX2-7PQJ zrok copy writes attacker-controlled WebDAV paths outside the destination root

Summary Alice runs zrok2 copy from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV href such as /../outside.txt. The sync pipeline stores that path in the source inventory and passes it to FilesystemTarget.WriteStream, which joins it with the target root...

8.3CVSS5.8AI score0.00061EPSS
Exploits0References2
Rows per page
Query Builder