GHSA-C4FP-CXRR-MJ66 Net::IMAP: Denial of Service via incomplete raw argument validation
Summary Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will...
CVE-2026-46023 dm mirror: fix integer overflow in create_dirty_log()
In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in create_dirty_log The argument count calculation in create_dirty_log performs args_used = 2 + param_count before validating against argc. When a user provides a param_count close to UINT_MAX via the devi...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fixed a memory leak in xe_vm_madvise_ioctl. When the check_bo_args_are_sane validation fails, the code jumps to the new free_vmas cleanup label to properly release the allocated resources. This ensures proper cleanup in the event...
EUVD-2026-29501
The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 allows arbitrary code execution. When a user supplies a directory path via the --model command-line argument, the function reads a module.py file from...
EUVD-2026-28595
PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011365)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011365 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: fix incomplete validation of ioctl arg We tested and found an alarm caused by nbd_ioctl arg...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013212)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013212 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: fix incomplete validation of ioctl arg We tested and found an alarm caused by nbd_ioctl arg...
PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection
Summary The fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through to subprocess execution. Affected Package - Ecosystem: PyP...
CVE-2026-20040
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...
CVE-2026-3479
DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data did...
PSF-2026-13
DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data did...
Cisco IOS XR Software CLI Privilege Escalation (cisco-sa-iosxr-privesc-bF8D5U4W)
According to its self-reported version, Cisco IOS XR is affected by a vulnerability. - A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerabilit...
CVE-2026-20040 Cisco IOS XR Software CLI Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
RHEL 8 : kernel (RHSA-2026:3388)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3388 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: RDMA/core: Fix KASAN:...
OpenClaw safeBins file-existence oracle information disclosure
An information disclosure vulnerability in OpenClaw's tools.exec.safeBins approval flow allowed a file-existence oracle. When safe-bin validation examined candidate file paths, command allow/deny behavior could differ based on whether a path already existed on the host filesystem. An attacker cou...
kernel: nbd: fix incomplete validation of ioctl arg
A flaw has been found in the Linux kernel's NBD drivers. The issue stems from incomplete validation of IOCTL arguments passed to the NBD driver. Specifically, oversized or unchecked arguments may lead to a signed integer overflow in block_write_full_page and misuse of argument values cast to int in...
PT-2025-51937
Name of the Vulnerable Software and Affected Versions mcp-server-git versions prior to 2025.12.17 Description The git diff and git checkout functions in mcp-server-git did not properly sanitize user-supplied arguments before passing them to git CLI commands. Specifically, flag-like values, such a...