SUSE CVE-2026-43075

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix out-of-bounds write in ocfs2writeendinline KASAN reports a use-after-free write of 4086 bytes in ocfs2writeendinline, called from ocfs2writeendnolock during a copyfilerange splice fallback on a corrupted ocfs2 filesyst...

SUSE CVE-2026-43117

In the Linux kernel, the following vulnerability has been resolved: btrfs: tracepoints: get correct superblock from dentry in event btrfssyncfile If overlay is used on top of btrfs, dentry-dsb translates to overlay's super block and fsid assignment will lead to a crash. Use fileinodefile-isb to...

SUSE CVE-2026-43209

In the Linux kernel, the following vulnerability has been resolved: minix: Add required sanity checking to minixchecksuperblock The fs/minix implementation of the minix filesystem does not currently support any other value for slogzonesize than 0. This is also the only value supported in...

SUSE CVE-2026-43262

In the Linux kernel, the following vulnerability has been resolved: gfs2: fiemap page fault fix In gfs2fiemap, we are calling iomapfiemap while holding the inode glock. This can lead to recursive glock taking if the fiemap buffer is memory mapped to the same inode and accessing it triggers a page...

Directory Traversal

Overview github.com/rancher/rancher/pkg/nodeconfig is a complete container management platform Affected versions of this package are vulnerable to Directory Traversal via the compressedEndpoint field in a UIPlugin deployment. An attacker can overwrite binaries or configuration files, tamper with...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the compressedEndpoint field in a UIPlugin deployment. An attacker can overwrite binaries or configuration files, tamper with cluster state, or write to the host node filesystem by exploiting path traversal in th...

GHSA-5V3H-X4WF-5C35 Rancher Extensions have arbitrary file access via path traversal

Impact A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: - Overwrite Rancher binaries or configuration to...

Gotenberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes

Summary Six conversion routes pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, chromium/convert/markdown accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf + watermarkExpression=/path from anonymous callers. The dedicated...

CVE-2026-43268

A flaw was found in the HFS Plus hfsplus filesystem within the Linux kernel. This vulnerability occurs because the hfsplus filesystem incorrectly identifies certain special filesystem objects as regular files. This misclassification can lead to inconsistencies with how the operating system's...

CVE-2026-43262

A flaw was found in the Linux kernel's gfs2 filesystem. This vulnerability occurs when the gfs2fiemap function calls iomapfiemap while holding an inode glock a global lock for filesystem operations. If the fiemap buffer is memory mapped to the same inode and accessing it triggers a page fault, it...

CVE-2026-43249

A flaw was found in the Linux kernel's 9p/xen filesystem driver. A race condition can occur when the xenwatch thread and other back-end change notifications concurrently attempt to free the front-end state using the xen9pfsfrontfree function. This can lead to a double-free vulnerability, resultin...

@fails-components/jupyter-applet-view (>=0.0.1-alpha.3 <=0.0.1-alpha.18), @fails-components/jupyter-filesystem-extension (>=0.0.1-alpha.3 <=0.0.1-alpha.18) +3 more potentially affected by CVE-2026-42557 via @jupyterlab/help-extension (>=4.0.13 <=4.4.10)

@jupyterlab/help-extension NPM version =4.0.13, =0.0.1-alpha.3, =0.0.1-alpha.3, =0.0.1-alpha.3, =0.0.1-alpha.3, =0.2.0, =0.6.0-alpha.9 Source cves: CVE-2026-42557 Source advisory: SNYK:JS-JUPYTERLABHELPEXTENSION-16438961...

CVE-2026-43209

A flaw was found in the Linux kernel's minix filesystem implementation. The minixchecksuperblock function lacks proper sanity checks for superblock fields, including slogzonesize. This oversight could allow a local attacker to craft a malicious minix filesystem that, when mounted, may lead to a...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the Engine::error function. An attacker can obtain sensitive information, such as absolute filesystem paths, secrets embedded in exception messages, and internal module structure, by triggering an uncaught...

GHSA-QRCH-52M5-VV85 Flight vulnerable to sensitive information disclosure via default error handler

Summary The default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak internal paths, any secret interpolated into an exception...

Flight vulnerable to sensitive information disclosure via default error handler

Summary The default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak internal paths, any secret interpolated into an exception...

Duplicate Advisory: OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h3g-6xhh-rg6p. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that...

GHSA-FRR5-J3MH-H9CH Duplicate Advisory: OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h3g-6xhh-rg6p. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that...

EUVD-2026-28031

Insufficient validation of untrusted input in FileSystem in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

GHSA-GH9P-Q46P-57G2 phpMyFAQ: Path Traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins

Summary Client::deleteClientFolder in phpmyfaq/src/phpMyFAQ/Instance/Client.php:583 takes a URL from the caller, strips the https:// prefix, and passes the remainder to Filesystem::deleteDirectory relative to the multisite clientFolder. No path-traversal validation runs. An admin with the...