17694 matches found
CVE-2026-28908
CVE-2026-28908 is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5. The description indicates a denial-of-service fix achieved by removing the vulnerable code, and notes that an app may be able to modify protected parts of the filesystem. Several connected sources corrobor...
CVE-2026-28908
A denial of service issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to modify protected parts of the file system...
EUVD-2026-29080
An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem,...
CVE-2026-6815
An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem,...
CVE-2026-6815 CVE-2026-6815
An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem,...
CVE-2026-6815
CVE-2026-6815 affects Casdoor’s Local File System storage provider. An authenticated attacker with administrative/file-upload privileges can bypass the storage sandbox via path traversal (insufficient sanitization of pathPrefix/fullFilePath), enabling arbitrary file creation or overwriting on the...
Directory Traversal
Overview python-liquid is an A Python engine for the Liquid template language. Affected versions of this package are vulnerable to Directory Traversal via the FileSystemLoader and CachingFileSystemLoader components. An attacker can access and render arbitrary files outside the intended search pat...
python-liquid: Absolute paths escape filesystem loader search path
Impact The built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the % include % and % render % tags. Targeted files...
USN-8180-6: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...
USN-8180-6 linux-raspi vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...
Casdoor 安全漏洞
Casdoor is an open-source platform developed by Casdoor, which supports various authentication and authorization protocols. There is a security vulnerability in Casdoor, caused by insufficient path cleaning. This vulnerability could allow authenticated attackers with administrator privileges to...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 contained security vulnerabilities. These vulnerabilities stemmed from security bypasses in the proxy’s config.patch and config.apply endpoints, which failed to protect...
PT-2026-39776
A denial of service issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to modify protected parts of the file system...
PT-2026-39696
Name of the Vulnerable Software and Affected Versions Python Liquid versions prior to 2.2.0 Description The built-in FileSystemLoader and CachingFileSystemLoader do not prevent reading files outside their designated search paths when an absolute path is provided. This allows malicious template...
Casdoor contains Arbitrary File Write vulnerability
Overview Casdoor contains an arbitrary file write vulnerability in the implementation of its "Local File System" storage provider. Due to insufficient sanitization of user-supplied paths, an authenticated user with file upload permissions can escape the intended storage directory and write files...
Unity Linux 20.1060e / 20.1070e Security Update: libgit2 (UTSA-2026-017579)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017579 advisory. An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may...
About the security content of visionOS 26.5
About the security content of visionOS 26.5 This document describes the security content of visionOS 26.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
About the security content of macOS Sonoma 14.8.7
About the security content of macOS Sonoma 14.8.7 This document describes the security content of macOS Sonoma 14.8.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or release...
About the security content of macOS Sequoia 15.7.7
About the security content of macOS Sequoia 15.7.7 This document describes the security content of macOS Sequoia 15.7.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
SUSE CVE-2026-43463
In the Linux kernel, the following vulnerability has been resolved: rxrpc, afs: Fix missing error pointer check after rxrpckernellookuppeer rxrpckernellookuppeer can also return error pointers in addition to NULL, so just checking for NULL is not sufficient. Fix this by: 1 Changing...