Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005641)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005641 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix leaking uninitialized memory in fast-commit journal When space at the end of fast-commi...

GHSA-79PF-VX4X-7JMM File Browser's TUS Delete Endpoint Bypasses Delete Permission Check

Summary A broken access control vulnerability in the TUS protocol DELETE endpoint allows authenticated users with only Create permission to delete arbitrary files and directories within their scope, bypassing the intended Delete permission restriction. Any multi-user deployment where administrato...

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

EUVD-2026-9405

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid mapping wrong physical block for swapfile Xiaolong Guo reported a f2fs bug in bugzilla 1 1 https://bugzilla.kernel.org/showbug.cgi?id=220951 Quoted: "When using stress-ng's swap stress test on F2FS filesystem...

EUVD-2026-9406

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fswriteendio As syzbot reported an use-after-free issue in f2fswriteendio. It is caused by below race condition: loop device umount - workerthread - loopprocesswork - doreqfilebacked - lorwaio -...

CVE-2026-23235

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. For example: vm: echo 65537...

DEBIAN-CVE-2026-23233

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid mapping wrong physical block for swapfile Xiaolong Guo reported a f2fs bug in bugzilla 1 1 https://bugzilla.kernel.org/showbug.cgi?id=220951 Quoted: "When using stress-ng's swap stress test on F2FS filesystem...

CVE-2026-23234

CVE-2026-23234 affects the Linux kernel F2FS subsystem. A use-after-free can occur in f2fs_write_end_io() due to a race with kill_f2fs_super freeing sbi before writeback complete, allowing access to freed sbi during page cache/inode cleanup. The published fix relocates the checkpoint thread wakeu...

USN-8070-2 linux-aws, linux-lts-xenial vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - MMC subsystem; - Network drivers; - USB Device Class drivers; - BTRFS file system; - File syste...

USN-8070-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - MMC subsystem; - Network drivers; - USB Device Class drivers; - BTRFS file system; - File syste...

SUSE CVE-2026-24834

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM...

PT-2026-22920

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description The Linux kernel contains a use-after-free issue in the f2fs write end io function. This issue occurs due to a race condition where memory associated with the superblock sbi is freed whi...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005523)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005523 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix idatasem unlock order in ext4indmigrate Fuzzing reports a possible deadlock in...

Arbitrary Code Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Code Injection via the transform module path resolution process. An attacker can execute arbitrary JavaScript code with gateway-process privileges by causing a symlinked entry t...

GHSA-V47Q-JXVR-P68X Craft CMS Vulnerable to Authenticated RCE via "craft.app.fs.write()" in Twig Templates

Summary An authenticated administrator can achieve Remote Code Execution RCE by injecting a Server-Side Template Injection SSTI payload into Twig template fields e.g., Email Templates. By calling the craft.app.fs.write method, an attacker can write a malicious PHP script to a web-accessible...

Craft CMS Vulnerable to Authenticated RCE via "craft.app.fs.write()" in Twig Templates

Summary An authenticated administrator can achieve Remote Code Execution RCE by injecting a Server-Side Template Injection SSTI payload into Twig template fields e.g., Email Templates. By calling the craft.app.fs.write method, an attacker can write a malicious PHP script to a web-accessible...

kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service.

A flaw was found in the Linux kernel. This use-after-free UAF vulnerability occurs in the procreaddirde function within the /proc filesystem. A local attacker with low privileges can exploit this by concurrently traversing specific directories while network devices are unregistered. This can lead...

kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation

A flaw was found in the Linux kernel's Squashfs filesystem. A local attacker can exploit this vulnerability by simultaneously mounting a Squashfs filesystem and issuing a specific input/output control ioctl command. This can lead to an incorrect block size calculation, causing a shift-out-of-boun...

BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction

Arbitrary File Write via Symlink Path Traversal in Tar Extraction Summary The safeextracttarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path, not the symlink's target. An attacker can create a...

CVE-2026-3344

A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...