SUSE CVE-2026-46256

In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfswritepages LOCALIO is an NFS loopback mount optimization that avoids using the network for READ, WRITE and COMMIT if the NFS client and server are determined to be on...

CVE-2026-46251

A flaw was found in the Linux kernel's Btrfs filesystem. When the EXTENTTREEV2 incompatibility flag is enabled, the block group tree's dirty list can become corrupted. This corruption occurs because the block group tree is incorrectly added to a commit list while already being tracked, leading to...

CVE-2026-46256

In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfswritepages LOCALIO is an NFS loopback mount optimization that avoids using the network for READ, WRITE and COMMIT if the NFS client and server are determined to be on...

EUVD-2026-34121

In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading realparent in dotaskstat When reading /proc/pid/stat, dotaskstat accesses task-realparent without proper RCU protection, which leads to: cpu 0 cpu 1 ----- ----- dotaskstat var =...

CVE-2026-46256

In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfswritepages LOCALIO is an NFS loopback mount optimization that avoids using the network for READ, WRITE and COMMIT if the NFS client and server are determined to be on...

Spring Framework Path Traversal in Functional Web Frameworks

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

Homematic CCU3 - Local File Inclusion

eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. id: CVE-2019-9726 info: name: Homematic CCU3 - Local...

SUSE CVE-2026-44740

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...

EUVD-2021-34846

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

CVE-2025-70101

lwext4 1.0.0 exposes an out-of-bounds read in ext4_ext_binsearch_idx (src/ext4_extent.c) that can trigger denial of service when processing a crafted ext4 image. The vulnerability stems from insufficient validation of extent header fields prior to performing a binary search over extent index entr...

EUVD-2025-210055

An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...

PT-2026-46022

In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading real parent in do task stat When reading /proc/pid/stat, do task stat accesses task-real parent without proper RCU protection, which leads to: cpu 0 cpu 1 ----- ----- do task stat v...

PT-2026-46019

In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfs writepages LOCALIO is an NFS loopback mount optimization that avoids using the network for READ, WRITE and COMMIT if the NFS client and server are determined to be on...

CVE-2026-10690

This CVE affects wonderwhy-er DesktopCommanderMCP 0.2.37. The vulnerability is in the readFileFromUrl function (src/tools/filesystem.ts, read_file component) where manipulating the url argument enables server-side request forgery. It can be triggered remotely and an exploit is publicly available....

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

Mlflow < 2.11.0 - Path Traversal

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

Linux Distros Unpatched Vulnerability : CVE-2026-44740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed...

📄 WebRemoteControl Unauthenticated Remote Filesystem Access

Proof of concept tool that demonstrates how WebRemoteControl suffers from unauthenticated remote filesystem access and potential remote code execution. ================================================================================================================================== | Title :...

CVE-2026-44740

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...

UBUNTU-CVE-2026-44740

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...