Improper Link Resolution

kubevirt.io/kubevirt is vulnerable to improper link resolution. The vulnerability is due to lack of verification of whether the launcher-sock is a symlink or regular file, which allows an attacker with control over the virt-launcher pod file system to manipulate file ownership on the host and...

CVE-2026-35484

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadpreset allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs including passwords, API keys, connection...

CVE-2025-24819 A Relative Path Traversal vulnerability in Nokia MantaRay NM

Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...

CVE-2026-35492 Kedro-Datasets has a path traversal vulnerability in PartitionedDataset allows arbitrary file write

Kedro-Datasets is a Kendo plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a...

CVE-2026-35492

Kedro-Datasets is a Kendo plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a...

CVE-2026-35487 text-generation-webui has a Path Traversal in load_prompt() — .txt file read without authentication

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadprompt allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...

CVE-2026-35487

text-generation-webui (open-source web interface for LLMs) before version 4.3 is affected by an unauthenticated path traversal in load_prompt(), allowing reading any .txt file on the server and returning its contents in the API response. Impact is limited to read access of server-side .txt files;...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path CVE-2024-14027 In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2 to change attributes class CVE-2025-71239 In the Linux...

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1543)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1543 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path CVE-2024-14027 In the Linux kernel, the following vulnerability has been...

ROS-20260407-73-0005

A vulnerability in the ext4igetextrainode function of the fs/ext4/inode.c module of the Ext4 file system of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to gain access to protected information or cause a denial of...

CVE-2026-35452

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesyste...

CVE-2026-35452

WWBN AVideo (versions 26.0 and prior) is affected by CVE-2026-35452 due to unauthenticated access to CloneSite/plugin/CloneSite/client.log.php, which serves clone operation logs containing internal filesystem paths, remote server URLs, and SSH metadata. The vulnerability arises because this endpo...

Incorrect Behavior Order: Validate Before Canonicalize

Overview vite-plus is a The Unified Toolchain for the Web Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize through the server.fs.deny component. An attacker can access sensitive files by appending specific query parameters such as ?raw,...

GHSA-V2WJ-Q39Q-566R Vite: `server.fs.deny` bypassed with queries

Summary The contents of files that are specified by server.fs.deny can be returned to the browser. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file exists in th...

CVE-2026-31410

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FSOBJECTIDINFORMATION Use sb-suuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.ffsid obtained from vfsstatfs...

UBUNTU-CVE-2026-31410

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FSOBJECTIDINFORMATION Use sb-suuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.ffsid obtained from vfsstatfs...

CVE-2026-31410

CVE-2026-31410 has concrete patch evidence across multiple OSV entries. Root-OS shows Root:Ubuntu-24.04 and Root:Ubuntu-22.04 patched in the rootio-linux package, with multiple fixed versions available. Debian-backed advisories also indicate Linux kernel vulnerabilities including CVE-2026-31410 a...

CVE-2026-31410 ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FSOBJECTIDINFORMATION Use sb-suuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.ffsid obtained from vfsstatfs...

CVE-2026-31410

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FSOBJECTIDINFORMATION Use sb-suuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.ffsid obtained from vfsstatfs...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of non-UUID volumes, potentially leading to the provision of inappropriate file system...