CVE-2026-49128 Music Player Daemon < 0.24.11 Path Traversal via LocalStorage URI Handling

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

CVE-2026-42597 Gotenberg: Chromium URL conversion routes read arbitrary files under /tmp via file:// scheme

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...

CVE-2026-44307 Mako: Path traversal via backslash URI on Windows in TemplateLookup

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nilfs2: The error related to directory read operations from nilfsfindentry is now propagated to the calling functions. Syzbot reported that a task hang occurred in vcsopen during a fuzzing test for nilfs2. The root cause of this...

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-013404)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013404 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfsemptydir misjudgment and long loop on I/O errors The error handling in...

Important: containerd

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

Important: nerdctl

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

GHSA-32PV-MPQG-H292 Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory read

Summary Two unauthenticated path traversal vulnerabilities exist in Saltcorn's mobile sync endpoints. The POST /sync/offlinechanges endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content anywhere on the serve...

EUVD-2026-21517

Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory read...

CVE-2026-40163

Saltcorn is affected by an unauthenticated path traversal vulnerability in the sync endpoints. Before versions 1.4.5, 1.5.5, and 1.6.0-beta.4, POST /sync/offline_changes allows an attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON anywhere on the ...

CVE-2026-40163 Saltcorn has an Unauthenticated Path Traversal in sync endpoints allows arbitrary file write and directory read

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offlinechanges endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content...

EUVD-2026-10156

A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compounddocument::readdirectory of the file source/detail/cryptography/compounddocument.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to out-of-bounds rea...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005559)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005559 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfsemptydir misjudgment and long loop on I/O errors The error handling in...

kernel: smb: client: Fix use-after-free in cifs_fill_dirent

A use-after-free flaw was found in cifsfilldirent in fs/cifs/readdir.c in smb client in the Linux Kernel. This flaw could allow an attacker to crash the system due to race problem. This vulnerability could even lead to a kernel information leak problem...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005197)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005197 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfsfindentry Syzbot reported that a task hang occu...

Siemens SIMATIC S7-1500 Excessive Platform Resource Consumption within a Loop (CVE-2024-39469)

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfsemptydir misjudgment and long loop on I/O errors The error handling in nilfsemptydir when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-401634)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-401634 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfsfindentry Syzbot reported that a task hang occu...

CLSA-2025-1747260502 kernel: Fix of 5 CVEs

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices CVE-2024-53197 - Bluetooth: L2CAP: Fix slab-use-after-free Read in l2capsendcmd CVE-2025-21969 - ext4: fix OOB read when checking dotdot dir CVE-2025-37785 - iscsiibft: Fix UBSAN shift-out-of-bounds warning in...

Linux Distros Unpatched Vulnerability : CVE-2024-57952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Revert libfs: fix infinite directory reads for offset dir The current directory offset allocator based on mtreealloccyclic stores the next offset value to retur...

CVE-2022-49107

In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in cephreaddir when notelastdentry returns error Reset the lastreaddir at the same time, and add a comment explaining why we don't free lastreaddir when diremit returns false...