Lucene search
K

106 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46680

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cann...

7.8CVSS5.9AI score0.00221EPSS
Exploits1References3
OSV
OSV
added 2026/07/01 6:16 p.m.4 views

UBUNTU-CVE-2026-46680

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...

7.8CVSS5.7AI score0.00221EPSS
Exploits1References3
OSV
OSV
added 2026/07/01 5:40 p.m.3 views

CVE-2026-46680 containerd user ID handling bypass allows runAsNonRoot evasion

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...

7.3CVSS5.9AI score0.00221EPSS
Exploits1References3
OSV
OSV
added 2026/06/26 8:35 p.m.7 views

MAL-2026-6541 Malicious code in pdf-converter-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b3a5f6d1d39c20feca11d0129f0efa21bdf564586045555b756cc25bce73efc Package is advertised as a PDF converter but contains no PDF generation code. Its sole public method TXTtoPDFConverter.createpdftxtpath, pdfpath is...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/25 6:43 p.m.5 views

GO-2026-5378 containerd user ID handling bypass allows runAsNonRoot evasion in github.com/containerd/containerd

containerd user ID handling bypass allows runAsNonRoot evasion in github.com/containerd/containerd...

7.8CVSS5.8AI score0.00221EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50922

Name of the Vulnerable Software and Affected Versions Chromacam version 4.0.3.0 Description An unquoted service path issue exists in the PsyFrameGrabberService. This allows local attackers with write access to C: or subdirectories such as C:Program Files x86Personify to execute arbitrary code. By...

8.5CVSS6.5AI score0.0012EPSS
Exploits0References8
CVE
CVE
added 2026/06/12 6:58 p.m.35 views

CVE-2026-42890

CVE-2026-42890 affects the macOS desktop application Actual (version 25.x, Electron 39.2.7). The ELECTRON_RUN_AS_NODE fuse was not disabled, allowing a local attacker who can place a file on disk or influence command-line arguments to invoke Actual.app with ELECTRON_RUN_AS_NODE=1. This converts t...

4.8CVSS5.6AI score0.00126EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:58 p.m.12 views

CVE-2026-42890 actual Allows Electron to Run As Node

Actual is an open-source personal finance application. In the macOS desktop application version 25.x built on Electron 39.2.7, the ELECTRONRUNASNODE fuse is not disabled, allowing an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app binary wit...

4.8CVSS5.6AI score0.00126EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 6:21 p.m.9 views

GHSA-7RVM-XJPP-63R9 actual Allows Electron to Run As Node

Summary A electron run as node vulnerability was identified in actual macOS application, version 25.x Electron 39.2.7. Vulnerability Type: Electron Run As Node Description ELECTRONRUNASNODE fuse enabled Electron 39.2.7 — app can be converted to Node.js REPL for arbitrary code execution Impact An...

4.8CVSS6AI score0.00126EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.331 views

Containerd 1.7.27 < 1.7.32 / 2.0.4 < 2.0.9 / 2.1.x < 2.2.4 / 2.3.x < 2.3.1 runAsNonRoot Bypass

The version of Containerd on the remote host is 1.7.27 prior to 1.7.32, 2.0.4 prior to 2.0.9, 2.1.x prior to 2.2.4, or 2.3.x prior to 2.3.1. It is, therefore, affected by a security bypass vulnerability. A bug was found in containerd where containers launched with a numeric User directive that...

7.8CVSS5.5AI score0.00221EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/21 9:40 p.m.9 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via improper handling of numeric User directives in container configuration. An attacker can gain elevated privileges by supplying a crafted image with an /etc/passwd file that...

7.8CVSS5.7AI score0.00221EPSS
Exploits1References2
OSV
OSV
added 2026/05/21 9:40 p.m.22 views

GHSA-FQW6-GF59-QR4W containerd user ID handling bypass allows runAsNonRoot evasion

Impact A bug was found in containerd where containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as...

7.3CVSS5.7AI score0.00221EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/21 9:40 p.m.40 views

containerd user ID handling bypass allows runAsNonRoot evasion

Impact A bug was found in containerd where containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as...

7.8CVSS5.7AI score0.00275EPSS
Exploits2References2Affected Software2
Snyk
Snyk
added 2026/05/21 9:40 p.m.8 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via improper handling of numeric User directives in container configuration. An attacker can gain elevated privileges by supplying a crafted image with an /etc/passwd file that...

7.8CVSS5.7AI score0.00221EPSS
Exploits1References2
NVD
NVD
added 2026/05/20 12:16 a.m.22 views

CVE-2026-39309

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

5.5CVSS0.00176EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 11:54 p.m.19 views

CVE-2026-39309

CVE-2026-39309 affects Trilium Notes before v0.102.2. The Electron configuration allows a RunAsNode fuse to launch the app in a special Node.js mode (-e) that can execute arbitrary commands with Trilium’s permissions, enabling a local attacker to spoof macOS TCC prompts. An attacker could trigger...

5.5CVSS6.1AI score0.00176EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/24 9:20 p.m.8 views

CVE-2026-42171

NSIS Nullsoft Scriptable Install System 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges if they can cause myGetTempFileName to return 0, as shown in the references...

7.8CVSS5.2AI score0.0021EPSS
Exploits0
EUVD
EUVD
added 2026/04/20 6:31 p.m.4 views

EUVD-2026-23885

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

7.2CVSS6.1AI score0.00417EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 2:51 p.m.3 views

GHSA-HWM2-4PH6-W6M5 Rancher's restricted PodSecurityPolicy does not prevent containers from running as a privileged user

Impact The restricted pod security policy PSP, provided in Rancher versions from 2.0 up to and including 2.6.3, has a deviation from the upstream restricted policy provided in Kubernetes, in which Rancher's PSP has runAsUser set to runAsAny, while upstream has runAsUser set to MustRunAsNonRoot...

7.1CVSS5.9AI score
Exploits0References2
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.6 views

Astra Linux – Vulnerability in containerd-app

Containerd is an open-source container runtime. A bug was discovered in Containerd prior to versions 1.6.38, 1.7.27, and 2.0.4. In these versions, containers launched with a User set as UID:GID that exceeded the maximum 32-bit signed integer could cause an overflow condition, resulting in the...

7.8CVSS6.1AI score0.00275EPSS
Exploits1References3
Rows per page
Query Builder