OESA-2026-1544 busybox security update

The Swiss Army Knife of Embedded Linux Security Fixes: A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory...

SUSE SLES12 Security Update : busybox (SUSE-SU-2026:0892-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0892-1 advisory. - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. - CVE-2023-42364: use-after-free in the awk....

CVE-2026-32116 Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...

Symlink Attack

Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Symlink Attack via tar.x extraction, which allows an attacker to overwrite arbitrary files outside the intended extraction directory with a drive-relative symlink target - like...

Relative Path Traversal

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Relative Path Traversal via the editpackage function when processing the packfolder parameter. An attacker can overwrite arbitrary files on the system by...

Path Traversal

changedetection.io is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during the backup restore process, which allows an attacker to upload a crafted ZIP archive containing path traversal sequences and overwrite arbitrary files on the system...

SUSE-SU-2026:20656-1 Security update for docker-compose

This update for docker-compose fixes the following issues: - CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read bsc1254041. - CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or signing request...

CVE-2026-29065 changedetection.io: Zip Slip vulnerability in the backup restore functionality

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. This issue has been patched in version 0.54.4...

CVE-2026-29065

CVE-2026-29065 affects changedetection.io; pre-0.54.4, the backup restore function is vulnerable to Zip Slip (path traversal) in ZIP archives, enabling arbitrary file overwrite outside the extraction directory. Impact is described as high confidentiality and integrity risk with network attacker a...

SUSE SLES15 / openSUSE 15 Security Update : busybox (SUSE-SU-2026:0758-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0758-1 advisory. - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. ...

changedetection.io 路径遍历漏洞

changedetection.io is a website-based application developed by dgtlmoon, designed for change detection, monitoring, and notification. Versions of changedetection.io prior to 0.54.4 contained a path traversal vulnerability. This vulnerability stemmed from an arbitrary file overwrite vulnerability ...

Important: nodejs22

Issue Overview: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be...

SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2026:0759-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0759-1 advisory. - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization...

GHSA-25G8-2MCF-FCX9 changedetection.io has Zip Slip vulnerability in the backup restore functionality

Summary A Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. Details A Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. The...

changedetection.io has Zip Slip vulnerability in the backup restore functionality

Summary A Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. Details A Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. The...

CVE-2025-66945

A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution...

CVE-2025-66945

A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution...

CVE-2025-66945

A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution...

Security update for busybox

This update for busybox fixes the following issues: CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167. Patch...

CVE-2025-66945

A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution...