Lucene search
+L

2355 matches found

snyk
snyk
added 2026/05/29 7:18 p.m.7 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the path query parameter of the volume browser endpoint, which is passed unsanitized to a shell command. An attacker can execute arbitrary commands within the helper container by injecting shell metacharacters into...

6.3CVSS6AI score0.0021EPSS
Exploits0References2
nvd
nvd
added 2026/05/29 6:17 p.m.16 views

CVE-2026-45626

Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitis...

6.3CVSS0.0021EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/29 5:10 p.m.12 views

CVE-2026-45626 Arcane: OS Command Injection in Volume Browser ListDirectory via path query parameter

Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitis...

6.3CVSS6AI score0.0021EPSS
Exploits0References1
osv
osv
added 2026/05/29 5:10 p.m.4 views

CVE-2026-45626 Arcane: OS Command Injection in Volume Browser ListDirectory via path query parameter

Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitis...

6.3CVSS6.2AI score0.0021EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/29 5:10 p.m.31 views

CVE-2026-45626

Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitis...

6.3CVSS6AI score0.0021EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/05/29 5:10 p.m.29 views

CVE-2026-45626

Summary: CVE-2026-45626 (Arcane) enables OS command injection via the volume browser’s path parameter. Affected: Arcane’s browse API (GET /environments/{id}/volumes/{volumeName}/browse) in 1.18.1 and earlier. Root cause: the path sanitiser only blocks ../ traversal and does not strip Bourne-shell...

6.3CVSS6AI score0.0021EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/29 5:10 p.m.39 views

CVE-2026-45626 Arcane: OS Command Injection in Volume Browser ListDirectory via path query parameter

Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitis...

6.3CVSS0.0021EPSS
Exploits0References1
cve
cve
added 2026/05/29 4:40 p.m.27 views

CVE-2026-43917

CVE-2026-43917 (Dokploy) describes an IDOR due to a missing organization scoping check in the protectedProcedure middleware prior to 0.19.0. The middleware only validates authentication, not that the resource’s organization matches the session’s activeOrganizationId, enabling cross-organization a...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References1
euvd
euvd
added 2026/05/29 4:40 p.m.11 views

EUVD-2026-33361

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References1
susecve
susecve
added 2026/05/29 1:22 a.m.18 views

SUSE CVE-2026-9804

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link symlink within an exported filesystem Persistent Volume Claim PVC that points...

7.7CVSS5.8AI score0.00516EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/05/29 12:0 a.m.14 views

PT-2026-44929

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References2
osv
osv
added 2026/05/28 9:31 a.m.3 views

GHSA-MPMF-3W4R-QFPF KubeVirt has a Link Following issue

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link symlink within an exported filesystem Persistent Volume Claim PVC that points...

7.7CVSS5.9AI score0.00516EPSS
Exploits0References11
nvd
nvd
added 2026/05/28 9:16 a.m.18 views

CVE-2026-9804

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link symlink within an exported filesystem Persistent Volume Claim PVC that points...

7.7CVSS0.00516EPSS
Exploits0References8
euvd
euvd
added 2026/05/28 8:15 a.m.14 views

EUVD-2026-32748

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link symlink within an exported filesystem Persistent Volume Claim PVC that points...

7.7CVSS5.8AI score0.00516EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/05/28 8:15 a.m.14 views

CVE-2026-9804

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link symlink within an exported filesystem Persistent Volume Claim PVC that points...

7.7CVSS5.8AI score0.00516EPSS
Exploits0References3
mscve
mscve
added 2026/05/28 8:2 a.m.9 views

ntfs3: fix integer overflow in run_unpack() volume boundary check

...

7.8CVSS5.4AI score0.00142EPSS
Exploits0
snyk
snyk
added 2026/05/28 6:0 a.m.6 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the virt-exportserver process. An attacker can access sensitive files from the exporter pod's filesystem by placing a symbolic link within an exported filesystem Persistent Volume Claim PVC that points outside its...

7.7CVSS5.5AI score0.00516EPSS
Exploits0References2
susecve
susecve
added 2026/05/28 3:53 a.m.13 views

SUSE CVE-2026-46062

In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in rununpack volume boundary check The volume boundary check lcn + len sbi-used.bitmap.nbits uses raw addition which can wrap around for large lcn and len values, bypassing the validation. Use...

7.8CVSS5.8AI score0.00142EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/05/27 8:10 p.m.14 views

CVE-2026-46062

A flaw was found in the Linux kernel's ntfs3 filesystem driver. An integer overflow vulnerability exists in the rununpack function's volume boundary check. This flaw occurs because the check uses raw addition, which can wrap around for large values, potentially bypassing validation. This could le...

7.8CVSS5.9AI score0.00142EPSS
Exploits0References4
nvd
nvd
added 2026/05/27 6:16 p.m.16 views

CVE-2026-44521

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver elFinderVolumeMySQL allows any logged-in user, including users with read-only access to the affected volume, to...

8.8CVSS0.00243EPSS
Exploits0References1
Rows per page
Query Builder