17708 matches found
ROS-20260313-73-0009
A vulnerability in the nfs_fs_proc_net_init function of the NFS file system of the Linux operating system kernel is related to incorrect resource cleanup or release. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...
TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction
Summary: The TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system. Details: When running tinacms dev, the CLI...
CVE-2026-28792 Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...
CLSA-2026-1773311565 nfs-utils: Fix of CVE-2025-12801
CVE-2025-12801: fix rpc.mountd privilege escalation allowing NFSv3 clients to bypass root_squash and all_squash when mounting subdirectories...
OpenClaw File Inclusion Vulnerability
OpenClaw is an open source intelligent artificial assistant. OpenClaw suffers from a file inclusion vulnerability. An attacker can exploit this vulnerability to read arbitrary files in the local file system...
CVE-2026-31988
yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate function. The while loop condition checks cursor < data.length + 4 instead of cursor + 4 <= data.length, allowing readUInt16LE to rea...
SUSE CVE-2025-12801
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux that allows an NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exporte...
GHSA-364Q-W7VH-VHPC OliveTin's unsafe parsing of UniqueTrackingId can be used to write files
When the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file...
EUVD-2026-10612
Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally...
EUVD-2026-10630
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally...
EUVD-2026-10644
Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally...
EUVD-2026-10613
Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally...
EUVD-2026-10595
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability...
EUVD-2026-10597
Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally...
EUVD-2026-10596
Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally...
EUVD-2026-10594
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability...
CVE-2026-25167
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally...
CVE-2026-24290
Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally...