compressing 后置链接漏洞

Compressing is a compression and decompression tool library open sourced by nodemodules. Versions of compressing before 2.1.1 and 1.10.5 had a backlink vulnerability. This vulnerability stemmed from a flaw in the pure logical string validation within the isPathWithinParent tool, which failed to...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013070)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013070 advisory. In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in hfsplusextcacheextent The syzbot reported issue in...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013351)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013351 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/proc: taskmmu.c: don't read mapcount for migration entry The syzbot reported the below BUG:...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013075)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013075 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix uninitialized waitqueue in transaction manager The transaction manager initialization in...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013093)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013093 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: refresh inline data size before write operations The cached ei-iinlinesize can become stal...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011348)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011348 advisory. In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Check for read-only mounted filesystem in txBegin This patch adds a check for read-only...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011169)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011169 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blkcryptokey ha...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013096)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013096 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-mq: check kobject stateinsysfs before deleting in blkmqunregisterhctx In blkmqupdatenrhwqueue...

CVE-2026-40706

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfsbuildpermissionsposix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path stat, readdir, open when...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013228)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013228 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting quota root from the dirty cow roots list When disabling quotas we a...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010968)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010968 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix information leak in f2fsmoveinlinedirents When converting an inline directory to a...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010776)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010776 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: detect invalid INLINEDATA + EXTENTS flag combination syzbot reported a BUGON in...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013018)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013018 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sblvbptr I experience issues when putting a lkbsb on the stack...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010812)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010812 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninititialized value in 'ext4evictinode' Syzbot found the following issue:...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011014)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011014 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Detect system inodes linked into directory hierarchy When UDF filesystem is corrupted, hidde...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011006)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011006 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix double free in userclusterconnect userclusterdisconnect frees conn-ccprivate which is ...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011408)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011408 advisory. In the Linux kernel, the following vulnerability has been resolved: hfs: fix KMSAN uninit-value issue in hfsfindsetzerobits The syzbot reported issue in...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006929)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006929 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents When merging very long extents we try to push as muc...

CVE-2026-41296 OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files...

CVE-2026-41296 OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files...