Lucene search
K

4 matches found

CVE
CVE
added 2026/06/26 8:55 p.m.19 views

CVE-2026-49984

CVE-2026-49984 – Kestra : A path traversal vulnerability in the LocalStorage backend allows any authenticated user who can view an execution to read arbitrary files on the server. Before patching, the LocalStorage path validator mishandles Windows-style backslashes, letting an attacker smuggle tr...

7.7CVSS6AI score0.00386EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52980

Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.0.45 Kestra versions prior to 1.3.23 Description The local internal-storage backend fails to properly validate user-supplied paths because it checks for directory traversal sequences before converting Windows-style...

7.7CVSS5.9AI score0.00386EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2026/03/05 7:14 p.m.9 views

Gogs: Cross-repository LFS object overwrite via missing content hash verification

Summary Overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. Details Gogs store all LFS objects in the same place, no isolation between different repositories. repo id not concatenated to...

9.3CVSS5.8AI score0.00327EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2022/02/12 2:15 a.m.3 views

DEBIAN-CVE-2022-0291

Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page...

6.5CVSS6.8AI score0.00743EPSS
Exploits0References1
Rows per page
Query Builder