
22893 matches found

RedhatCVE
added 2026/05/08 10:38 p.m. | 6 views

CVE-2026-43408

A flaw was found in the Ceph file system component of the Linux kernel. This vulnerability arises from the failure to properly initialize a data structure, ceph_path_info, before its use, specifically when the ceph_mdsc_build_path function is called. This oversight can lead to system instability and...

CVSS 7.8 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 4

Github Security Blog
added 2026/05/08 10:38 p.m. | 6 views

Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal

CONFIDENTIAL KL-CAN-2024-002 Vulnerability Details

| | Field | Value |
|---|-------|-------|
| 1 | Discoverer | Jaggar Henry & Sean Segreti of KoreLogic, Inc. |
| 2 | Date Submitted | 2024.03.12 |
| 3 | Title | Open WebUI Arbitrary File Upload + Path Traversal |
| 5 | Affected Vendor | Open WebUI...

CVSS 9.8 | AI score 6.2 | EPSS 0.00079
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/05/08 10:34 p.m. | 4 views

CVE-2026-7964

An insufficient validation of untrusted input flaw was found in the FileSystem component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497254383...

CVSS 8.2 | AI score 5.7 | EPSS 0.00045
Exploits: 0 | References: 5

CVE
added 2026/05/08 10:31 p.m. | 6 views

CVE-2026-42351

CVE-2026-42351 affects pygeoapi prior to 0.23.3. A raw string path concatenation vulnerability in the STAC FileSystemProvider can allow requests to STAC collection based resources to expose directories without authentication, when deployed without URL-normalizing proxies and with a stac-collectio...

CVSS 7.5 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 3

ATTACKERKB
added 2026/05/08 10:31 p.m. | 3 views

CVE-2026-42351

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, a raw string path concatenation vulnerability in pygeoapi's STAC FileSystemProvider plugin can allow for requests to STAC collection based collections to expose directories...

CVSS 7.5 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/05/08 10:31 p.m. | 6 views

CVE-2026-42351 pygeoapi: Path Traversal in STAC FileSystemProvider

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, a raw string path concatenation vulnerability in pygeoapi's STAC FileSystemProvider plugin can allow for requests to STAC collection based collections to expose directories...

CVSS 7.5 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 3

RedhatCVE
added 2026/05/08 8:45 p.m. | 5 views

CVE-2026-43365

A flaw was found in the Linux kernel's XFS filesystem. This vulnerability arises when the filesystem superblock, which contains critical metadata, does not correctly specify a log stripe unit. This can lead to undersized log roundoff values, causing log corruption. A local attacker could...

CVSS 8.2 | AI score 5.8 | EPSS 0.0007
Exploits: 0 | References: 4

RedhatCVE
added 2026/05/08 8:22 p.m. | 7 views

CVE-2026-43359

A flaw was found in the Linux kernel's Btrfs file system. A local malicious user, who owns a subvolume, can exploit an item overflow vulnerability when repeatedly calling the set received ioctl with the same received UUID field for multiple subvolumes. This can trigger a transaction abort, leadin...

CVSS 5.5 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 4

RedhatCVE
added 2026/05/08 8:17 p.m. | 8 views

CVE-2026-43358

A flaw was found in the Linux kernel's btrfs filesystem. A missing Read-Copy Update (RCU) unlock in an error path within the try_release_subpage_extent_buffer function could lead to system instability. This issue, identified by a thread-safety analyzer, may result in a denial of service condition,...

CVSS 5.5 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 4

RedhatCVE
added 2026/05/08 6:32 p.m. | 8 views

CVE-2026-43299

A flaw was found in the Linux kernel's btrfs filesystem. When the filesystem encounters an out-of-space (ENOSPC) error and transitions to a read-only state, a pending read repair operation can trigger an assertion failure within the btrfs_repair_io_failure function. This issue can lead to a kernel...

CVSS 5.5 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 4

RedhatCVE
added 2026/05/08 6:12 p.m. | 5 views

CVE-2026-43288

A flaw was found in the Linux kernel's ext4 filesystem. A local user can trigger a system panic, leading to a Denial of Service (DoS), by mounting a specially crafted ext4 filesystem with specific quota and project options. This occurs because a per-CPU counter is accessed before it is properly...

CVSS 5.5 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 4

EUVD
added 2026/05/08 3:31 p.m. | 7 views

EUVD-2026-28725

In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leaks in ceph_mdsc_build_path(). Add __putname() calls to error code paths that did not free the "path" pointer obtained by __getname(). If ownership of this pointer is not passed to the caller via path_info.path, the function...

AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 6

EUVD
added 2026/05/08 3:31 p.m. | 6 views

EUVD-2026-28714

In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing ceph_path_info initializers. ceph_mdsc_build_path() must be called with a zero-initialized ceph_path_info parameter, or else the following ceph_mdsc_free_path_info() may crash. Example crash on Linux 6.18.12:...

AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 5

EUVD
added 2026/05/08 3:31 p.m. | 3 views

EUVD-2026-28671

In the Linux kernel, the following vulnerability has been resolved: xfs: fix undersized l_iclog_roundoff values. If the superblock doesn't list a log stripe unit, we set the incore log roundoff value to 512. This leads to corrupt logs and unmountable filesystems in generic/617 on a disk with 4k...

AI score 5.7 | EPSS 0.0007
Exploits: 0 | References: 8

EUVD
added 2026/05/08 3:31 p.m. | 6 views

EUVD-2026-28558

In the Linux kernel, the following vulnerability has been resolved: ext4: move ext4_percpu_param_init() before ext4_mb_init(). When running kvm-xfstests -c ext4/1k -C 1 generic/383 with the DOUBLE_CHECK macro defined, the following panic is triggered:...

AI score 5.9 | EPSS 0.00013
Exploits: 0 | References: 6

NVD
added 2026/05/08 3:17 p.m. | 6 views

CVE-2026-43472

In the Linux kernel, the following vulnerability has been resolved: unshare: fix unshare_fs() handling. There's an unpleasant corner case in unshare(2), when we have a CLONE_NEWNS in flags and current->fs hadn't been shared at all; in that case copy_mnt_ns() gets passed current->fs instead of a private copy,...

CVSS 5.5 | EPSS 0.00013
Exploits: 0 | References: 8

OSV
added 2026/05/08 3:17 p.m. | 4 views

UBUNTU-CVE-2026-43472

In the Linux kernel, the following vulnerability has been resolved: unshare: fix unshare_fs() handling. There's an unpleasant corner case in unshare(2), when we have a CLONE_NEWNS in flags and current->fs hadn't been shared at all; in that case copy_mnt_ns() gets passed current->fs instead of a private copy,...

CVSS 5.5 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 11

NVD
added 2026/05/08 3:16 p.m. | 5 views

CVE-2026-43403

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for ns iteration ioctls. Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use may_see_all_namespaces()...

CVSS 8.8 | EPSS 0.00013
Exploits: 0 | References: 4

NVD
added 2026/05/08 3:16 p.m. | 4 views

CVE-2026-43371

In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover after a suspend. Upon investigation, it was determined that...

CVSS 5.5 | EPSS 0.00013
Exploits: 0 | References: 6

OSV
added 2026/05/08 3:16 p.m. | 2 views

UBUNTU-CVE-2026-43365

In the Linux kernel, the following vulnerability has been resolved: xfs: fix undersized l_iclog_roundoff values. If the superblock doesn't list a log stripe unit, we set the incore log roundoff value to 512. This leads to corrupt logs and unmountable filesystems in generic/617 on a disk with 4k...

CVSS 8.2 | AI score 5.7 | EPSS 0.0007
Exploits: 0 | References: 10