3356 matches found
Keras 3.13.0 HDF5 Shape Fuzzing for Robustness Testing
This script performs fuzz testing against Keras version 3.13.0 on randomly generated tensor shapes using NumPy and HDF5 to evaluate stability and error handling in file creation workflows...
Security update for cacti, cacti-spine (critical)
openSUSE Security Update: Security update for cacti, cacti-spine Announcement ID: openSUSE-SU-2026:0148-1 Rating: critical References: 1231027 1231369 1231370 1231371 1231372 1236482 1236486 1236487 1236488 1236489 1236490 Cross-References: CVE-2024-43362 CVE-2024-43363 CVE-2024-43364...
EUVD-2026-25020
A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference or -n flag is explicitly provided. The implementation previously only honored the "no-dereference" intent if the --force overwrite mode was also enabled. Thi...
CVE-2026-35372 uutils coreutils ln Security Bypass via Improper Handling of the --no-dereference Flag
A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference or -n flag is explicitly provided. The implementation previously only honored the "no-dereference" intent if the --force overwrite mode was also enabled. Thi...
CVE-2026-35360 uutils coreutils touch Arbitrary File Truncation via TOCTOU Race Condition
The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during file creation. When the utility identifies a missing path, it later attempts creation using File::create, which internally uses OTRUNC. An attacker can exploit this window to create ...
CVE-2026-35360
The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during file creation. When the utility identifies a missing path, it later attempts creation using File::create, which internally uses OTRUNC. An attacker can exploit this window to create ...
CVE-2026-35342 uutils coreutils mktemp Insecure Temporary File Placement via Empty TMPDIR
The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...
InstructLab vulnerable to Path Traversal
A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the logsdir parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to...
PT-2026-34496
The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during file creation. When the utility identifies a missing path, it later attempts creation using File::create, which internally uses O TRUNC. An attacker can exploit this window to create...
uutils coreutils 安全漏洞
uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. uutils coreutils has a security vulnerability that stems from race conditions during file creation. This vulnerability could allow attackers to truncate existing files, resulting in permanent data loss...
uutils coreutils 安全漏洞
uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. uutils coreutils has a security vulnerability, which stems from a logical error in the ln function. This vulnerability could allow local attackers to manipulate existing symbolic links, redirecting fil...
GLSA-202604-04 : DTrace: Arbitrary file creation via dtprobed
The remote host is affected by the vulnerability described in GLSA-202604-04 DTrace: Arbitrary file creation via dtprobed A vulnerability has been found in dtprobed that allows for arbitrary file creation through specially crafted USDT provider names. Tenable has extracted the preceding descripti...
DTrace: Arbitrary file creation via dtprobed
Background DTrace is a dynamic tracing tool for analysing or debugging the whole system. Specifically, dtprobed is a component of the DTrace system that keeps track of USDT probes within running processes, parsing and storing the DOF they provide for later consumption by dtrace proper. Descriptio...
CLSA-2026-1776329620 glib2: Fix of 6 CVEs
CVE-2026-1489: fix integer overflow in Unicode case conversion functions - CVE-2026-1484: fix integer overflow in GLib Base64 encoding - CVE-2025-14512: fix integer overflow in escapebytestring for byte strings with many invalid characters - CVE-2026-1485: fix buffer underflow in content type...
CLSA-2026-1776246056 glib2: Fix of 5 CVEs
CVE-2026-1489: fix integer overflow in Unicode case conversion functions - CVE-2026-1484: fix integer overflow in GLib Base64 encoding - CVE-2026-1485: fix buffer underflow in content type treemagic parsing - CVE-2026-0988: fix integer overflow in gbufferedinputstreampeek - CVE-2025-7039: fix...
JLSEC-2026-103 Insufficient permission checking in `Deno.makeTemp*` APIs
Impact Insufficient validation of parameters in Deno.makeTemp APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect other systems. A user may provide a prefix or suffix to a Deno.makeTemp API...
Schneider Electric PowerChute Serial Shutdown 资源管理错误漏洞
Schneider Electric PowerChute Serial Shutdown is a UPS management, normal shutdown and energy management software from Schneider Electric France. Schneider Electric PowerChute Serial Shutdown suffers from a Resource Management Error vulnerability that stems from uncontrolled resource consumption,...
PT-2026-32677
Name of the Vulnerable Software and Affected Versions PowerChute Serial Shutdown affected versions not specified Description An uncontrolled resource consumption issue exists where a Web Admin user can cause a denial of service. This occurs when the system is flooded with specially crafted POST...
CVE-2026-21012
CVE-2026-21012 describes external control of a file name in AODManager prior to SMR Apr-2026 Release 1. This allows a privileged local attacker to create a file with system privileges. The connected documents reiterate the same description; no additional technical details (affected versions, spec...
CVE-2026-33698
Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals...