MAL-2026-701 Malicious code in filespath (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 556cf54f0093609b5c80263f0ba00056293592e66eb2a212454692e9cca38a35 Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...

MAL-2026-697 Malicious code in pathlib-v2-utility (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c8dc8b60e188fb941aeb9f5b6207d2c0fcab27719a142558498bf72d1602d992 Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...

Malicious code in pathfiles (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a96d53709493a07432f8619b9ca322fef0fb4bf9080a02da7e8f6bc03353b3c0 Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...

PT-2026-5903

Name of the Vulnerable Software and Affected Versions AION version 2.0 Description A configuration issue exists where the root file system is not mounted as read-only. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or...

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-1212)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : tipc: fix a null-ptr-deref in tipctopsrvaccept CVE-2022-50555 integrity: Fix memory leakage in keyring allocation error path CVE-2022-50395 objtoo...

CVE-2022-50950 Webile 1.0.1 Directory Traversal Vulnerability via Web Application

Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system...

CVE-2022-50950

Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system...

CVE-2022-50950

CVE-2022-50950 affects Webile 1.0.1 and describes a directory traversal vulnerability in the web application that allows remote attackers to manipulate file system paths without authentication. The underlying issue is path manipulation enabling access to sensitive system directories and potential...

PT-2026-5571

Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system...

[SECURITY] [DLA 4460-1] ceph security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4460-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta February 01, 2026 https://wiki.debian.org/LTS -...

UBUNTU-CVE-2026-23018

In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before initializing extent tree in btrfsreadlockedinode In btrfsreadlockedinode we are calling btrfsinitfileextenttree while holding a path with a read locked leaf from a subvolume tree, and...

CVE-2026-23038

In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak in nfs4ffallocdeviceidnode In nfs4ffallocdeviceidnode, if the allocation for dsversions fails, the function jumps to the outscratch label without freeing the already allocated dsaddrs list, leading...

CVE-2026-23018

CVE-2026-23018 describes a Linux kernel vulnerability in the btrfs code path. In btrfs_read_locked_inode(), a path with a read-locked leaf from a subvolume tree is used while calling btrfs_init_file_extent_tree(), which may perform GFP_KERNEL allocations and trigger memory reclaim. This can creat...

Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft

CTT-NFS-Vortex-RCE New Physics Disclosure This repository cont...

kernel security update

3.10.0-1160.119.1.0.16 - net: sched: sfb: fix null pointer access issue when sfbinit fails CVE-2022-50356 Orabug: 38790244 - fs: fix UAF/GPF bug in nilfsmdtdestroy CVE-2022-50367 Orabug: 38790244 - iomap: iomap: fix memory corruption when recording CVE-2022-50406 Orabug: 38790244 - mm: fix zswap...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-7986-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7986-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

USN-7986-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Ceph distributed file system; - JFFS2 file system; - Timer subsystem; - USB sound devices; CVE-2024-26689,...

USN-7986-1 linux vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Ceph distributed file system; - JFFS2 file system; - Timer subsystem; - USB sound devices; CVE-2024-26689,...

ceph: privilege escalation by unprivileged users in a ceph-fuse mounted CephFS

A vulnerability in Ceph was discovered whereby an unprivileged user could change the permissions of a directory owned by the root user, gaining access to the targeted directory. The non-privileged user can escalate privileges to root in a CephFS mounted with ceph-fuse by applying chmod 777 read,...

TP-Link VX800v security vulnerability

The TP-Link VX800v is a VoIP gateway produced by the TP-Link company. The TP-Link VX800v 1.0 version has a security vulnerability. This vulnerability stems from improper parsing of USB HTTP access path links, which may allow custom USB devices to expose the contents of the root file system...