PT-2026-24275

Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...

Microsoft Brokering File System 资源管理错误漏洞

The Microsoft Brokering File System is a file system developed by Microsoft Corporation. There is a resource management vulnerability in the Microsoft Brokering File System. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected: Windo...

Microsoft Windows NTFS 缓冲区错误漏洞

Microsoft Windows NTFS is a file system provided by the American company Microsoft for managing computer files. This file system features error alerts, disk self-repair functions, and logging capabilities. There is a buffer error vulnerability present in Microsoft Windows NTFS. Attackers can...

RockyLinux 9 : nfs-utils (RLSA-2026:3940)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:3940 advisory. nfs-utils: rpc.mountd in the nfs-utils privilege escalation CVE-2025-12801 Tenable has extracted the preceding description block directly from the RockyLinux...

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-1244)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrlCVE-2025-40261 cifs: fix session state check in reconnect to avoid use-after-free...

CLSA-2026-1773047152 kernel: Fix of 21 CVEs

i40e: fix IRQ freeing in i40evsirequestirqmsix error path CVE-2025-39911 - media: rc: fix races with imondisconnect CVE-2025-39993 - VMCI: fix race between vmcihostsetupnotify and vmcictxunsetnotify CVE-2025-38102 - partitions: mac: fix handling of bogus partition table CVE-2025-21772 - tracing:...

CLSA-2026-1773045484 kernel: Fix of 28 CVEs

fix: dm: fix dmblkreportzones CVE-2025-38141 - ice: Fix a null pointer dereference in icecopyandinitpkg CVE-2025-38664 - qed: Don't collect too many protection override GRC elements CVE-2025-39949 - drm/amd/display: Avoid a NULL pointer dereference CVE-2025-39693 - iommu/amd/pgtbl: Fix possible...

RHSA-2026:3939 Red Hat Security Advisory: nfs-utils security update

Bulletin has no description...

RHSA-2026:3940 Red Hat Security Advisory: nfs-utils security update

Bulletin has no description...

BIT-DJANGO-2026-25674 Potential incorrect permissions on newly created file system objects

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's...

CVE-2026-29039 changedetection.io: XPath - Arbitrary File Read via unparsed-text()

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...

MGASA-2026-0050 Updated python-django packages fix security vulnerability

Potential incorrect permissions on newly created file system objects. CVE-2026-25674...

SICK Lector85x和SICK SICK Lector83x 安全漏洞

SICK Lector85x and SICK SICK Lector83x are a series of QR code image recognition readers developed by the German company SICK. Both devices have security vulnerabilities; these vulnerabilities stem from incomplete execution of the whitelist. Attackers could potentially access the restricted file...

Navtor NavBox 安全漏洞

Navtor NavBox is a shipping information system device developed by the Norwegian company Navtor. It is used for electronic nautical chart management and synchronization of navigation data. There is a security vulnerability in Navtor NavBox. This vulnerability stems from the HTTP service not...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-8070-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8070-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

Golang 1.25.x < 1.25.8 / 1.26.x < 1.26.1 Multiple Vulnerabilities

The version of Golang running on the remote host is prior to 1.25.8, or 1.26.x prior to 1.26.1. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted...

nfs-utils: rpc.mountd in the nfs-utils privilege escalation

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exporte...

CVE-2026-21423

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect default permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to code execution, denial of service, elevation of...

OpenClaw 安全漏洞

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a file inclusion vulnerability. An attacker can exploit this vulnerability to read arbitrary files in the local file system...

ALSA-2026:3938 Moderate: nfs-utils security update

The nfs-utils packages provide a daemon for the kernel Network File System NFS server and related tools, which provides better performance than the traditional Linux NFS server used by most users. These packages also contain the mount.nfs, umount.nfs, and showmount programs. Security Fixes:...