369090 matches found
CVE-2026-49856
Technical details for CVE-2026-49856 are not publicly available in the provided documents. Monitor for updates; no affected products, impact, or remediation can be stated from the current data.
CVE-2026-53489
CVE-2026-53489 affects containerd CRI: when checkpoint restore occurs, the CRI plugin may read a host file by following a symlink for container.log. Vulnerable versions are prior to 2.3.2, 2.2.5 and 2.1.9. Impact described as arbitrary host file read via kubectl logs, with LOCAL attack potential ...
CVE-2026-53492
Summary: CVE-2026-53492 affects containerd’s CRI checkpoint restoration, where CDI annotations in untrusted checkpoint metadata are trusted, allowing injection of CDI edits (device nodes/host mounts) into restored containers if CDI is enabled and a matching host CDI spec exists. The issue affects...
CVE-2026-46487
Technical details for CVE-2026-46487 are not publicly available in the provided documents; monitor for updates.
CVE-2026-39379
Technical details are not publicly available in the provided documents for CVE-2026-39379. Monitor for updates.
CVE-2025-36374
Technical details for CVE-2025-36374 are not publicly available in the provided documents. There is no information on affected products, root cause, or remediation. Monitor for updates.
CVE-2026-12733
Technical details for CVE-2026-12733 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-50195
Containerd CVE-2026-50195 affects CRI checkpoint import: unvalidated image references in a checkpoint config allow an attacker with pod-creation permissions to trigger pulling a malicious image and assign it a local tag, poisoning the node’s local image cache. Subsequent pods on the same node usi...
CVE-2026-50160
Hoppscotch self-hosted deployments (Hoppscotch-backend
CVE-2026-47262
CVE-2026-47262 affects containerd where a maliciously crafted image can trigger a Denial of Service by exhausting memory during container creation, causing an Out-Of-Memory (OOM) kill of the containerd process and making the runtime API unavailable (impacting clients like Docker Engine and Kubern...
CVE-2026-57737
Affect: WordPress plugin Shortcodes and extra features for Phlox theme (Averta LTD). Vulnerability: Cross-Site Scripting (XSS) of DOM-based type due to improper neutralization of input during web page generation. Affected versions: from n/a through 2.17.16. Context: The issue is documented across...
CVE-2026-57736
CVE-2026-57736 affects the WordPress HubSpot plugin (versions
CVE-2026-46680
CVE-2026-46680 concerns containerd, the container runtime. A flaw in how numeric User directives are parsed (not a 32-bit integer) can cause such values to be treated as usernames, enabling runAsNonRoot evasion. If a crafted image supplies an /etc/passwd mapping that maps this large numeric strin...
CVE-2026-58521
The CVE-2026-58521 entry concerns an SQL injection in the Wikimedia Foundation MediaWiki Cargo Extension. According to connected sources, the vulnerability arises from improper neutralization of special elements in SQL commands, affecting MediaWiki Cargo Extension versions before 1.43.9, 1.44.6, ...
CVE-2026-49091
CVE-2026-49091 affects Kibana and is caused by improper output neutralization for logs (CWE-117), enabling log injection when log content is viewed in terminals that interpret control sequences. Affected: Kibana 7.x up to 7.17.14 and 8.x up to 8.11.0. Remedies: upgrade to 7.17.15 or 8.11.1; mitig...
CVE-2026-49090
CVE-2026-49090 affects Elasticsearch and is caused by Uncontrolled Resource Consumption (CWE-400) via the bulk API, where an authenticated user can submit specially crafted bulk requests that trigger sustained high CPU and can render a node unresponsive. The issue is publicly discussed in Elastic...
CVE-2026-58520
CVE-2026-58520 affects the Wikimedia Foundation Mediawiki UrlShortener Extension. The issue is an open redirect: URL redirection to an untrusted site in the UrlShortener extension, impacting versions from before 1.43.9, 1.44.6, and 1.45.4. The connected documents provide the vulnerability descrip...
CVE-2026-5051
CVE-2026-5051 affects HashiCorp Vault and Vault Enterprise prior to 2.0.1. The audit device plugin directory guard could be bypassed when using the legacy file audit path option, because the file audit backend accepted the legacy path as a fallback and did not validate the destination against the...
CVE-2026-57723
CVE-2026-57723 affects the WordPress plugin VikBooking Hotel Booking Engine & PMS (e4jvikwp) up to version 1.8.12. The vulnerability is a CSRF to Arbitrary File Deletion issue, described as enabling path traversal that can delete arbitrary files. The CVE notes a HIGH impact with a CVSS 3.1 score ...
CVE-2026-57722
The CVE-2026-57722 entry concerns the WordPress plugin Enable Media Replace (versions up to and including 4.2.1). The vulnerability is described as a Stored Cross-Site Scripting (XSS) caused by improper neutralization of input during web page generation. Affected component: the Enable Media Repla...