EUVD-2026-34121

In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading realparent in dotaskstat When reading /proc/pid/stat, dotaskstat accesses task-realparent without proper RCU protection, which leads to: cpu 0 cpu 1 ----- ----- dotaskstat var =...

CVE-2026-46256

In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfswritepages LOCALIO is an NFS loopback mount optimization that avoids using the network for READ, WRITE and COMMIT if the NFS client and server are determined to be on...

Security update 5.0.8 for Multi-Linux Manager Client Tools, Salt Bundle and Salt

This update fixes the following issues: golang-github-prometheus-nodeexporter: Version 1.10.2: meminfo: Fix typo in Zswap metric name Version 1.10.1: filesystem: Fix mount points being collected multiple times filesystem: Refactor mountinfo parsing bsc1261810 meminfo: Add Zswap/Zswapped metrics...

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

SUSE CVE-2026-44740

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...

EUVD-2021-34846

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

EUVD-2025-210055

An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...

CVE-2025-70101

lwext4 1.0.0 exposes an out-of-bounds read in ext4_ext_binsearch_idx (src/ext4_extent.c) that can trigger denial of service when processing a crafted ext4 image. The vulnerability stems from insufficient validation of extent header fields prior to performing a binary search over extent index entr...

PT-2026-46022

In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading real parent in do task stat When reading /proc/pid/stat, do task stat accesses task-real parent without proper RCU protection, which leads to: cpu 0 cpu 1 ----- ----- do task stat v...

Linux Distros Unpatched Vulnerability : CVE-2026-46194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix nodecnt race between extent node destroy and writeback f2fsdestroyextentnode does not set FINOEXTENT before clearing extent nodes. When called from...

PT-2026-46019

In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfs writepages LOCALIO is an NFS loopback mount optimization that avoids using the network for READ, WRITE and COMMIT if the NFS client and server are determined to be on...

CVE-2026-10690

This CVE affects wonderwhy-er DesktopCommanderMCP 0.2.37. The vulnerability is in the readFileFromUrl function (src/tools/filesystem.ts, read_file component) where manipulating the url argument enables server-side request forgery. It can be triggered remotely and an exploit is publicly available....

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

PT-2026-46415

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in FileSystem allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw that occur...

Linux Distros Unpatched Vulnerability : CVE-2026-44740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed...

📄 WebRemoteControl Unauthenticated Remote Filesystem Access

Proof of concept tool that demonstrates how WebRemoteControl suffers from unauthenticated remote filesystem access and potential remote code execution. ================================================================================================================================== | Title :...

PT-2026-46460

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in FileSystem allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw that occur...

CVE-2026-44740

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...

UBUNTU-CVE-2026-44740

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...

EUVD-2026-33663

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...