Lucene search
K

26 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-55686

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can...

5.3CVSS6AI score0.00317EPSS
Exploits1References4
NVD
NVD
added 2026/06/26 5:16 p.m.8 views

CVE-2026-55686

Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an...

5.3CVSS0.00317EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/26 4:30 p.m.34 views

CVE-2026-55686 Podman: WORKDIR symlink traversal vulnerability

Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an...

5.3CVSS0.00317EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/26 4:30 p.m.8 views

EUVD-2026-39808

Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an...

5.3CVSS5.8AI score0.00317EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:30 p.m.7 views

CVE-2026-55686

Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an...

5.3CVSS5.8AI score0.00317EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/26 4:30 p.m.26 views

CVE-2026-55686

Summary of CVE-2026-55686 (Podman: WORKDIR symlink traversal) Affects Podman versions 3.0.0 through 5.7.0 where a container image run with a crafted WORKDIR path that contains a symlink can cause a host filesystem change: create a directory or modify ownership. Ownership modification is less like...

5.3CVSS5.8AI score0.00317EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/25 10:34 p.m.6 views

GO-2026-5568 Podman: WORKDIR symlink traversal vulnerability in github.com/containers/podman

Podman: WORKDIR symlink traversal vulnerability in github.com/containers/podman...

5.3CVSS5.8AI score0.00317EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/06/18 2:28 p.m.11 views

Podman: WORKDIR symlink traversal vulnerability

Summary Running a malicous container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the host filesystem tree durin...

5.3CVSS5.4AI score0.00317EPSS
Exploits1References4Affected Software3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50742

Name of the Vulnerable Software and Affected Versions Podman versions prior to 5.7.1 Description Running a malicious container image where the WORKDIR path contains a symlink can allow an attacker to create a directory or modify ownership on the host filesystem. Modifying ownership is less likely...

5.3CVSS5.9AI score0.00317EPSS
Exploits1References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ovl: fixed the warning in ovlcreatereal Syzbot triggered the following warning in ovlworkdircreate - ovlcreatereal: if !err && WARNON!newdentry-d inode The reason is that the cgroup2 filesystem returns from mkdir without...

5.5CVSS6.3AI score0.00235EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/05 10:8 p.m.2 views

Directory Traversal

Overview griptape is a Modular Python framework for LLM workflows, tools, memory, and data. Affected versions of this package are vulnerable to Directory Traversal via the filename handling in the code-writing path used by executecodeincontainer in griptape/tools/computer/tool.py. An attacker can...

6.5CVSS7.2AI score0.00422EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/05 10:8 p.m.4 views

Directory Traversal

Overview griptape-tools is a Tools for the Griptape framework. Affected versions of this package are vulnerable to Directory Traversal via the filename handling in the code-writing path used by executecodeincontainer in griptape/tools/computer/tool.py. An attacker can write arbitrary files on the...

6.5CVSS7.2AI score0.00422EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/17 8:33 p.m.6 views

AWS API MCP File Access Restriction Bypass

Description The AWS API MCP Server is an open source Model Context Protocol MCP server that enables AI assistants to interact with AWS services and resources through AWS CLI commands. It provides programmatic access to manage your AWS infrastructure while maintaining proper security controls. Thi...

6.8CVSS5.9AI score0.00131EPSS
Exploits0References6Affected Software2
PyPA
PyPA
added 2026/03/16 5:16 p.m.22 views

PYSEC-2026-162

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context.To...

6.8CVSS5.9AI score0.00131EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/03/16 5:16 p.m.3 views

CVE-2026-4270

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...

6.8CVSS0.00131EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/16 4:7 p.m.2 views

CVE-2026-4270 AWS API MCP File Access Restriction Bypass

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...

6.8CVSS5.9AI score0.00131EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-25773

Name of the Vulnerable Software and Affected Versions AWS API MCP Server versions 0.2.14 through 1.3.8 Description The AWS API MCP Server, used to enable AI assistants to interact with AWS services, has an issue where file access restrictions can be bypassed. This affects the 'no-access' and...

6.8CVSS5.9AI score0.00131EPSS
Exploits0References9
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.12 views

Agent-Zero 0.8.0 - 0.9.4 - Arbitrary File Download

Agent-Zero v0.8.0 - 0.9.4 contains a path traversal caused by improper validation in /api/downloadworkdirfile.py, letting attackers access unauthorized files, exploit requires crafted request. id: CVE-2025-55523 info: name: Agent-Zero 0.8.0 - 0.9.4 - Arbitrary File Download author: 0xAkoko...

3.5CVSS4.7AI score0.00979EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990096)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990096 advisory. In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovlcreatereal Syzbot triggered the following warning in ovlworkdircreate -...

5.5CVSS5.9AI score0.00235EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-1999-1019

Malware in sbrugna...

7.2CVSS6.4AI score0.00345EPSS
Exploits0References2
Rows per page
Query Builder