EUVD-2025-206698

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/uapsd write operation, leading to kerne...

PT-2026-6368

A Path Traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatted repository could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink...

apko has a path traversal in apko dirFS which allows filesystem writes outside base

A Path Traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatted repository could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink...

PT-2026-5829

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete import parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

CVE-2025-69430

CVE-2025-69430 describes an Incorrect Symlink Follow vulnerability affecting multiple Yottamaster NAS devices (DM2 up to V1.9.12, DM3 up to V1.9.12, DM200 up to V1.2.23). An attacker could format a USB drive as ext4, create a symbolic link to the USB root, insert the drive, and access the symlink...

CVE-2025-58346

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/sendaddts write operation, leading to kernel...

CVE-2025-69431

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Sam...

GHSA-MC68-Q9JW-2H3V OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable

Summary A Command Injection vulnerability existed in Clawdbot’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the...

kernel: Linux kernel erofs: Use-After-Free due to device type mismatch

A flaw was found in the Linux kernel's erofs filesystem. A local attacker could exploit a use-after-free UAF vulnerability by mounting an erofs filesystem with a specific configuration where the primary and extra devices have mismatched types. This improper handling of device initialization error...

CLSA-2026-1770028389 kernel: Fix of 14 CVEs

efivarfs: Fix slab-out-of-bounds in efivarfsdcompare CVE-2025-39817 - scsi: ses: Fix possible descptr out-of-bounds accesses CVE-2023-53675 - ipv6: Fix out-of-bounds access in ipv6findtlv CVE-2023-53705 - libceph: fix potential use-after-free in havemonandosdmap CVE-2025-68285 - scsi: lpfc: Fix...

kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service.

A flaw was found in the Linux kernel. This use-after-free UAF vulnerability occurs in the procreaddirde function within the /proc filesystem. A local attacker with low privileges can exploit this by concurrently traversing specific directories while network devices are unregistered. This can lead...

kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service.

A flaw was found in the Linux kernel. This use-after-free UAF vulnerability occurs in the procreaddirde function within the /proc filesystem. A local attacker with low privileges can exploit this by concurrently traversing specific directories while network devices are unregistered. This can lead...

kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service.

A flaw was found in the Linux kernel. This use-after-free UAF vulnerability occurs in the procreaddirde function within the /proc filesystem. A local attacker with low privileges can exploit this by concurrently traversing specific directories while network devices are unregistered. This can lead...

EulerOS Virtualization 2.10.0 : grub2 (EulerOS-SA-2026-1170)

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel...

CVE-2026-25152

Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, a path traversal vulnerability in the TechDocs local generator allow...

CVE-2025-15543

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...

kernel security update

3.10.0-1160.119.1.0.16 - net: sched: sfb: fix null pointer access issue when sfbinit fails CVE-2022-50356 Orabug: 38790244 - fs: fix UAF/GPF bug in nilfsmdtdestroy CVE-2022-50367 Orabug: 38790244 - iomap: iomap: fix memory corruption when recording CVE-2022-50406 Orabug: 38790244 - mm: fix zswap...

FreeBSD : FreeBSD -- Jail escape by a privileged user via nullfs (90071333-fbe5-11f0-a13f-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 90071333-fbe5-11f0-a13f-bc241121aa0a advisory. By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.null...

USN-7986-1 linux vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Ceph distributed file system; - JFFS2 file system; - Timer subsystem; - USB sound devices; CVE-2024-26689,...

CVE-2026-25116

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...