Lucene search
+L

69 matches found

Chainguard
Chainguard
added last week7 views

GHSA-FF52-PH69-CF7X vulnerabilities

Vulnerabilities for packages: promxy, dragonfly-operator-fips, temporal-server, nri-rabbitmq-fips, crossplane-provider-aws-lakeformation-fips, crossplane-provider-aws-sagemaker, crossplane-provider-aws-kafka-fips, drone, sops, nri-postgresql, litmus-chaos-operator, kubernetes-dns-node-cache,...

6.1AI score
Exploits0
Snyk
Snyk
added 2026/06/19 10:10 p.m.7 views

Symlink Attack

Overview pydantic-settings is a Settings management using Pydantic Affected versions of this package are vulnerable to Symlink Attack in the NestedSecretsSettingsSource process when secretsnestedsubdir is enabled and a symbolic link inside the configured secrets directory points outside of it. An...

5.3CVSS6AI score0.00138EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.13 views

openSUSE 16 Security Update : docker-stable (openSUSE-SU-2026:20814-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20814-1 advisory. This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages...

9.8CVSS5.8AI score0.00498EPSS
Exploits0References6
OSV
OSV
added 2026/05/26 12:29 p.m.6 views

SUSE-SU-2026:21851-1 Security update for docker-stable

This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages that cause files to be written outside of the BuildKit state directory bsc1260967. - CVE-2026-33748: github.com/moby/buildkit: insufficient validation of...

9.8CVSS7AI score0.00498EPSS
Exploits0References5
OSV
OSV
added 2026/05/17 9:24 p.m.7 views

OPENSUSE-SU-2026:20809-1 Security update for trivy

This update for trivy fixes the following issues - CVE-2025-64702: github.com/quic-go/quic-go/http3: quic-go HTTP/3 QPACK Header Expansion DoS bsc1255366. - CVE-2025-69725: github.com/go-chi/chi/v5: incorrect input validation in the RedirectSlashes function can lead to an open redirect bsc1258513...

9.8CVSS6.6AI score0.00651EPSS
Exploits1References18
RedhatCVE
RedhatCVE
added 2026/05/08 8:21 p.m.13 views

CVE-2026-39918

Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the string context in t...

9.8CVSS6.5AI score0.00665EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/22 12:0 a.m.8 views

CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

8.2CVSS5.8AI score0.00463EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.12 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011349)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011349 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in procreaddirde Pde is erased from subdir rbtree through rberase, but not set...

5.9AI score0.00519EPSS
Exploits3References4
CVE
CVE
added 2026/04/20 2:46 p.m.12 views

CVE-2026-39918

Vvveb before 1.0.8.1 contains a code injection vulnerability in the installation endpoint. The subdir POST parameter is written unsanitized into env.php without escaping or validation, allowing an attacker to break out of the string context in the define statement and achieve unauthenticated remo...

9.8CVSS6.6AI score0.00665EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/20 2:46 p.m.2 views

CVE-2026-39918 Vvveb < 1.0.8.1 Code Injection via Installation Endpoint

Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the string context in t...

9.8CVSS6.6AI score0.00665EPSS
Exploits0References3
OSV
OSV
added 2026/04/20 2:46 p.m.3 views

CVE-2026-39918 Vvveb < 1.0.8.1 Code Injection via Installation Endpoint

Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the string context in t...

9.2CVSS6.7AI score0.00665EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.10 views

Vvveb 安全漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.1 contained security vulnerabilities. These vulnerabilities stemmed from the subdir parameter being written to the...

9.8CVSS6.2AI score0.00665EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.6 views

PT-2026-33779

Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the string context in t...

9.8CVSS6.6AI score0.00665EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007455)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007455 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in procreaddirde Pde is erased from subdir rbtree through rberase, but not set...

5.9AI score0.00519EPSS
Exploits3References4
Wolfi
Wolfi
added 2026/04/11 2:51 a.m.11 views

GHSA-FV83-X2XW-2J55 vulnerabilities

Vulnerabilities for packages: flux-notification-controller, metacontroller, goreleaser, flux-operator, flux-source-controller, hubble, smokescreen, newrelic-infra-operator, dkron, envoy-ratelimit, flux-image-reflector-controller, nfs-subdir-external-provisioner, tailscale, go, stakater-reloader,...

6.1AI score
Exploits0
Kubernetes Security Advisories
Kubernetes Security Advisories
added 2026/04/10 5:54 p.m.32 views

CSI Driver for SMB path traversal via subDir may delete unintended directories on the SMB server

CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H — Medium 6.5 A vulnerability was discovered in the Kubernetes CSI Driver for SMB where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the SMB CSI...

6.5CVSS5.9AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-33748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient...

8.2CVSS7AI score0.00463EPSS
Exploits0References3
OSV
OSV
added 2026/03/27 6:39 p.m.5 views

GO-2026-4859 BuildKit Git URL subdir component can cause access to restricted files in github.com/moby/buildkit

BuildKit Git URL subdir component can cause access to restricted files in github.com/moby/buildkit...

8.2CVSS5.8AI score0.00463EPSS
Exploits0References3
NVD
NVD
added 2026/03/27 3:16 p.m.10 views

CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

8.2CVSS0.00463EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/27 2:0 p.m.2 views

CVE-2026-33748 BuildKit Git URL subdir component can cause access to restricted files

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

8.2CVSS5.8AI score0.00463EPSS
Exploits0References3
Rows per page
Query Builder