55 matches found

CNNVD
added 2026/06/02 12:00 a.m. · 7 views

NiceGUI security vulnerability

NiceGUI is an easy-to-use, Python-based UI framework released under an open-source license. Versions of NiceGUI prior to 3.12.0 contained a security vulnerability. This vulnerability stemmed from two FastAPI routes that allowed subpath parameters to be resolved into directories, potentially...

CVSS 5.3 · AI score 5.3 · EPSS 0.00343
Exploits: 0 · References: 2
OSV
added 2026/04/29 4:12 p.m. · 7 views

OPENSUSE-SU-2026:20654-1 Security update for grafana

This update for grafana fixes the following issues: Changes in grafana: - Update to version 11.6.11: Features and enhancements: Alerting: Add limits for the size of expanded notification templates. Correlations: Remove support for orgid=0. Security: CVE-2026-21722: Public dashboards annotations: us...

CVSS 9.9 · AI score 6.9 · EPSS 0.97809
Exploits: 21 · References: 53
Github Security Blog
added 2026/04/27 12:30 p.m. · 9 views

Apache Camel Vulnerable to Authentication Bypass Using an Alternate Path or Channel

When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and...

CVSS 8.2 · AI score 5.8 · EPSS 0.00622
Exploits: 0 · References: 10 · Affected software: 1
EUVD
added 2026/04/27 9:40 a.m. · 4 views

EUVD-2026-25807

When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and...

CVSS 8.2 · AI score 5.2 · EPSS 0.00622
Exploits: 0 · References: 1
Positive Technologies
added 2026/04/27 12:00 a.m. · 8 views

PT-2026-35385

When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and...

AI score 5.2 · EPSS 0.00622
Exploits: 0 · References: 3
OSV
added 2026/04/22 12:00 a.m. · 5 views

UBUNTU-CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

CVSS 8.2 · AI score 5.4 · EPSS 0.00463
Exploits: 0 · References: 6
OSV
added 2026/04/08 12:07 a.m. · 4 views

GHSA-5G3J-89FR-R2VP skilleton has improper input handling in repository/path processing

Summary: skilleton versions prior to 0.3.1 include security-related weaknesses in repository normalization and path handling logic. Version 0.3.1 contains fixes and additional test coverage for these issues. Affected Versions: <0.3.1. Impact: In affected versions, crafted input could trigger unsafe o...

CVSS 6.9 · AI score 5.8
Exploits: 0 · References: 4
Github Security Blog
added 2026/03/31 10:51 p.m. · 5 views

SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking

Summary: The Enforcer incorrectly validates scope paths by using a simple prefix match (startswith). This allows a token with access to a specific path (e.g., /john) to also access sibling paths that start with the same prefix (e.g., /johnathan, /johnny), which is an Authorization Bypass. Details: File:...

CVSS 8.1 · AI score 5.9 · EPSS 0.00389
Exploits: 1 · References: 5 · Affected software: 1
SUSE CVE
added 2026/03/30 11:27 p.m. · 7 views

SUSE CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

CVSS 7.5 · AI score 5.8 · EPSS 0.00463
Exploits: 0 · References: 7
OSV
added 2026/03/27 3:16 p.m. · 9 views

DEBIAN-CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

CVSS 7.5 · AI score 5.8 · EPSS 0.00463
Exploits: 0 · References: 1
SUSE Linux
added 2026/03/25 10:31 a.m. · 7 views

Security update for grafana

This update for grafana fixes the following issues: Security issues fixed: CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled (bsc1258136). CVE-2026-21721: Fixed access control by the dashboard permissions API (bsc1257337). CVE-2026-21720: Fixed...

CVSS 8.7 · AI score 5.8 · EPSS 0.0089
Exploits: 1 · References: 22
Snyk
added 2026/03/20 12:38 a.m. · 6 views

Authentication Bypass Using an Alternate Path or Channel

Overview: Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the Actuator CloudFoundry endpoints. An attacker can gain unauthorized access to protected endpoints by sending requests to application endpoints declared under the CloudFound...

CVSS 9.2 · AI score 5.8 · EPSS 0.0036
Exploits: 0 · References: 2
Snyk
added 2026/03/20 12:38 a.m. · 4 views

Authentication Bypass Using an Alternate Path or Channel

Overview: Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the Actuator CloudFoundry endpoints. An attacker can gain unauthorized access to protected endpoints by sending requests to application endpoints declared under the CloudFound...

CVSS 9.2 · AI score 5.8 · EPSS 0.0036
Exploits: 0 · References: 2
Tenable Nessus
added 2025/08/27 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-25741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of...

CVSS 8.8 · AI score 7 · EPSS 0.06505
Exploits: 1 · References: 2
Tenable Nessus
added 2025/03/04 12:00 a.m. · 14 views

Linux Distros Unpatched Vulnerability : CVE-2017-1002101

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4, containers using subpath volume mounts with any volume type...

CVSS 9.6 · AI score 7.7 · EPSS 0.11586
Exploits: 2 · References: 2
SUSE Linux
added 2025/01/10 7:35 a.m. · 8 views

Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.98. Fixed CVEs: CVE-2024-54677: DoS in examples web application (bsc1234664). CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc1234663). CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc1233435). Catalina Add: Add...

CVSS 8.7 · AI score 7.5 · EPSS 0.43663
Exploits: 14 · References: 12
RedHat Linux
added 2024/05/22 9:48 a.m. · 4 views

moby/buildkit: Possible race condition with accessing subpaths from cache mounts

A vulnerability was found in the Moby Builder Toolkit. A malicious BuildKit client or any frontend that can craft a request could lead to the BuildKit daemon crashing with a panic due to the lack of input validation. A frontend is usually specified as the syntax line on a Dockerfile or with the...

CVSS 5.3 · AI score 7.1 · EPSS 0.00957
Exploits: 0 · References: 5
Tenable Nessus
added 2024/05/11 12:00 a.m. · 23 views

RHEL 7 : kubernetes (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kubernetes: Privilege escalation in the PodSecurityPolicy admission plugin (CVE-2017-1000056). - In Kubernet...

AI score 8.6 · EPSS 0.11586
Exploits: 2 · References: 5
Grafana
added 2024/02/14 12:00 a.m. · 11 views

Improper Path Sanitization in JSON Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The JSON datasource plugin is a Grafana Labs maintained plugin that allows for retrieving and processing JSON data from a remote endpoint, including a specific sub-path configured by an administrator. Due to inadequate sanitizati...

CVSS 8 · AI score 5.9 · EPSS 0.0077
Exploits: 0
Snyk
added 2023/12/11 12:00 p.m. · 4 views

Race Condition (Leaky Vessels)

Overview: Affected versions of this package are vulnerable to Race Condition (Leaky Vessels) in the subpath mounting when two malicious build steps are running in parallel and sharing the same cache mounts. This can lead to files from the host system being accessible to the build container. Workarou...

CVSS 8.7 · AI score 6.9 · EPSS 0.00791
Exploits: 0 · References: 2