CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2 days ago•37 views

CVE-2026-9640 LXD Snapshot Import Privilege Escalation Vulnerability

7.2CVSS0.00329EPSS

EUVD•added 2 days ago•4 views

EUVD-2026-39794

7.2CVSS5.8AI score0.00329EPSS

CVE•added 2 days ago•10 views

CVE-2026-9640

CVE-2026-9640 concerns LXD versions 6.0–6.9, 5.21.0–5.21.5, and 5.0.0–5.0.7. It describes a privilege escalation where an authenticated project operator in a restricted multi-tenant environment can bypass project-restriction policies during snapshot restoration by importing a malicious instance b...

7.2CVSS5.8AI score0.00329EPSS

Debian CVE•added 2 days ago•5 views

CVE-2026-9640

7.2CVSS5.8AI score0.00329EPSS

Exploits0

NVD•added 3 days ago•6 views

CVE-2026-54250

K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive members with maliciously crafted names can be written to...

5.8CVSS0.00122EPSS

CVE•added 3 days ago•5 views

CVE-2026-54250

CVE-2026-54250 affects K3s by a ZIP archive path traversal in the etcd snapshot decompression. Before versions 1.35.3+k3s1, 1.34.6+k3s1, and v1.33.10+k3s1, a crafted ZIP member can be written to arbitrary filesystem locations when restoring an etcd snapshot, due to the decompression process. Impa...

5.8CVSS6AI score0.00122EPSS

Cvelist•added 3 days ago•18 views

CVE-2026-54250 K3s: ZIP Archive Path Traversal Vulnerability in etcd Snapshot Decompression

5.8CVSS0.00122EPSS

RedHat Linux•added 3 days ago•10 views

Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection

A new version of OpenShift API for Data Protection OADP is now available. OpenShift API for Data Protection OADP enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...

10CVSS6.7AI score0.00765EPSS

Exploits2References13

Nuclei•added 3 days ago•51 views

Grafana Unauthenticated Snapshot Creation

Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set. id: CVE-2021-27358 info: name: Grafana Unauthenticated Snapshot Creation author: pdteam,bing0o severity: hi...

7.5CVSS7.2AI score0.83042EPSS

Exploits0References5

RedhatCVE•added 3 days ago•12 views

CVE-2026-44168

A flaw was found in MariaDB. During a State Snapshot Transfer SST, the donor node improperly validates parameters sent by a joiner node. This vulnerability allows a malicious joiner to execute arbitrary shell commands on the donor server through the mariabackup SST method. This could lead to a...

8CVSS6.2AI score0.00381EPSS

Exploits0References5

Nuclei•added 3 days ago•51 views

Grafana Snapshot - Authentication Bypass

Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by...

9.8CVSS6.9AI score0.99888EPSS

Exploits1References5

EUVD•added 4 days ago•3 views

EUVD-2026-38952

In the Linux kernel, the following vulnerability has been resolved: bpf: return VMA snapshot from taskvma iterator Holding the per-VMA lock across the BPF program body creates a lock ordering problem when helpers acquire locks that depend on mmaplock: vmlock - irwsem - mmaplock - vmlock Snapshot...

5.7AI score0.00156EPSS

IBM Security Bulletins•added 5 days ago•9 views

Security Bulletin: Hardcoded credential in the IBM Storage Protect Snapshot For Windows leads to unauthorized access to system

Summary IBM Storage Protect Snapshot For Windows is affected by allowing a remote unauthenticated attacker to bypass authentication and gain SYSTEM-level access due to a hardcoded credential. Vulnerability Details CVEID:CVE-2026-12628 DESCRIPTION: IBM Storage Protect Client 8.1.0.0 through 8.2.1....

9.1CVSS5.9AI score0.00357EPSS

Exploits0Affected Software1

RedhatCVE•added 5 days ago•5 views

CVE-2026-48163

A flaw was found in MariaDB server. During the State Snapshot Transfer SST process, a malicious joiner node could exploit improper parameter validation on the donor node. This vulnerability, specifically within the rsync SST method, allows the malicious joiner to execute arbitrary shell commands ...

9.1CVSS6.1AI score0.00457EPSS

Exploits0References5

NVD•added 6 days ago•8 views

CVE-2026-41047

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information...

6.9CVSS0.00158EPSS

NVD•added 6 days ago•6 views

CVE-2026-41048

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

8.4CVSS0.00149EPSS

NVD•added 6 days ago•10 views

CVE-2026-12628

IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager FCM authentication mechanism. The application contains a...

9.1CVSS0.00357EPSS

Cvelist•added 6 days ago•30 views

CVE-2026-41048 Caching of Authentication allows Authentication Bypass in qSnapper

8.4CVSS0.00149EPSS

EUVD•added 6 days ago•5 views

EUVD-2026-38272

8.4CVSS5.9AI score0.00149EPSS