CVE-2026-42574 | chainguard-dev apko 0.14.5/1.1.0/1.1.1 pkg/apk/fs/rwosfs.go dirFS path traversal

Inserito da | Mag 5, 2026 |

A vulnerability, which was classified as critical, was found in chainguard-dev apko 0.14.5/1.1.0/1.1.1. The impacted element is the function dirFS of the file pkg/apk/fs/rwosfs.go. The manipulation results in path traversal.

This vulnerability is cataloged as CVE-2026-42574. The attack may be launched remotely. There is no exploit available.

You should upgrade the affected component.

Post correlati

CVE-2025-63374 | CyberArk Endpoint Privilege Management prior 25.12 Local Privilege Escalation

CVE-2025-63374 | CyberArk Endpoint Privilege Management prior 25.12 Local Privilege Escalation

03.02.2026

CVE-2024-10522 | seb-emendo Co-marquage service-public.fr Plugin up to 0.5.76 on WordPress add_query_arg cross site scripting

CVE-2024-10522 | seb-emendo Co-marquage service-public.fr Plugin up to 0.5.76 on WordPress add_query_arg cross site scripting

21.11.2024

CVE-2024-57771 | JFinalOA 1.0.2 common/getEditPage?view cross site scripting

CVE-2024-57771 | JFinalOA 1.0.2 common/getEditPage?view cross site scripting

16.01.2025

CVE-2024-51658 | Henrik Hoff WP Course Manager Plugin up to 1.3 on WordPress cross-site request forgery

CVE-2024-51658 | Henrik Hoff WP Course Manager Plugin up to 1.3 on WordPress cross-site request forgery

15.11.2024

CVE-2026-42574 | chainguard-dev apko 0.14.5/1.1.0/1.1.1 pkg/apk/fs/rwosfs.go dirFS path traversal

Inserito da | Mag 5, 2026 |

A vulnerability, which was classified as critical, was found in chainguard-dev apko 0.14.5/1.1.0/1.1.1. The impacted element is the function dirFS of the file pkg/apk/fs/rwosfs.go. The manipulation results in path traversal.

This vulnerability is cataloged as CVE-2026-42574. The attack may be launched remotely. There is no exploit available.

You should upgrade the affected component.

Post correlati

CVE-2025-13300 | itsourcecode Web-Based Internet Laboratory Management System 1.0 /settings/controller.php sql injection

CVE-2025-13300 | itsourcecode Web-Based Internet Laboratory Management System 1.0 /settings/controller.php sql injection

17.11.2025

CVE-2025-14959 | code-projects Simple Stock System 1.0 /market/signup.php Username sql injection

CVE-2025-14959 | code-projects Simple Stock System 1.0 /market/signup.php Username sql injection

19.12.2025

CVE-2024-11969 | Cradlepoint NetCloud Exchange Client 1.110.50 on Windows default permission

CVE-2024-11969 | Cradlepoint NetCloud Exchange Client 1.110.50 on Windows default permission

28.11.2024

CVE-2025-7040 | Cloud SAML SSO Plugin up to 1.0.19 on WordPress csso_handle_actions authorization

CVE-2025-7040 | Cloud SAML SSO Plugin up to 1.0.19 on WordPress csso_handle_actions authorization

05.09.2025