22936 matches found
CVE-2026-24129 Runtipi is Vulnerable to Authenticated Arbitrary Remote Code Execution
Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...
CVE-2026-24129
Runtipi (Docker-based homeserver) versions 3.7.0+ are vulnerable to authenticated arbitrary command execution via shell metacharacters injected into backup filenames. The BackupManager stores uploaded backups using the raw originalname on the host filesystem, allowing an attacker to stage a file ...
runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...
Security update for python3
This update for python3 fixes the following issues: Security fixes: CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter="data" bsc1244032; CVE-2025-4330: Fixed extraction filter bypass for linking outside extraction directory bsc1244060...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21667)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21667 advisory. - In the Linux kernel, the following vulnerability has been resolved: iomap: avoid avoid truncating 64-bit...
Azure Linux 3.0 Security Update: kernel (CVE-2024-40951)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40951 advisory. - In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix NULL pointer dereference in...
Azure Linux 3.0 Security Update: libcontainers-common (CVE-2024-1753)
The version of libcontainers-common installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-1753 advisory. - A flaw was found in Buildah and subsequently Podman Build which allows containers to mount...
PT-2026-4303
Name of the Vulnerable Software and Affected Versions: Runtipi versions 3.7.0 through 4.6.9. Description: Runtipi is a Docker-based, personal homeserver orchestrator. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server. This occurs because the...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37858)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37858 advisory. - In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Prevent integer overflow in AG...
Azure Linux 3.0 Security Update: kernel (CVE-2024-42315)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42315 advisory. - In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on...
CVE-2026-24046
Backstage CVE-2026-24046 centers on a symlink-based path traversal in Scaffolder actions and archive extraction. Affected components include @backstage/backend-defaults, @backstage/plugin-scaffolder-backend, and @backstage/plugin-scaffolder-node; attackers with template-creation/execution access ...
CVE-2026-23986 Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true
Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...
EUVD-2026-4141
Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true...
Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false
Impact: Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently include arbitrary files/directories outsid...
EUVD-2026-4142
Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false...
SUSE-SU-2026:20116-1 Security update for podman
This update for podman fixes the following issues: - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1252376. - CVE-2025-9566: kube play command may overwrite host files bsc1249154...
Swing Music has a Directory Traversal & Filesystem can be accessed by a non-admin user
Summary: Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server filesystem. Details: The @api.post("/dir-browser") endpoint lacks proper path...
GHSA-PJ88-9XWW-GXMH Swing Music has a Directory Traversal & Filesystem can be accessed by a non-admin user
Summary: Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server filesystem. Details: The @api.post("/dir-browser") endpoint lacks proper path...
EUVD-2026-3284
Swing Music has a Directory Traversal & Filesystem can be accessed by a non-admin user...
SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality
Summary: The SiYuan Note application v3.5.3 contains a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper path validation. Details: The...