PT-2026-37568

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the hfs component where the use of BUG ON to detect overflows in next id, folder count, and file count within the super block info can be triggered if the MDB Master...

PT-2026-37527

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the XFS file system where a small freemap at the end of the xattr entries array can experience a size underflow during array expansion. This can result in zero-length...

PT-2026-37602

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the gfs2 fiemap function where iomap fiemap is called while the inode glock global lock is held. This can result in recursive glock acquisition if the fiemap buffer is...

PT-2026-38086

Name of the Vulnerable Software and Affected Versions HCL BigFix Service Management SM affected versions not specified Description HCL BigFix Service Management SM is susceptible to a root file system not mounted as read-only. An improperly configured root file system may allow unintended...

PT-2026-37549

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The fs/minix implementation of the minix filesystem lacks necessary sanity checking in the minix check superblock function. Specifically, it does not support any value for s log zone siz...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an overflow in the nlink function of the jfs file system’s jfsrename function. This vulnerability may...

Linux Distros Unpatched Vulnerability : CVE-2026-43209

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - minix: Add required sanity checking to minixchecksuperblock The fs/minix implementation of the minix filesystem does not currently support any other value for...

Linux Distros Unpatched Vulnerability : CVE-2026-43067

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ext4: handle wraparound when searching for blocks for indirect mapped blocks Commit...

Linux Distros Unpatched Vulnerability : CVE-2026-43075

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ocfs2: fix out-of-bounds write in ocfs2writeendinline KASAN reports a use-after-free write of 4086 bytes in ocfs2writeendinline, called from ocfs2writeendnolock...

PT-2026-38274

Name of the Vulnerable Software and Affected Versions Flight versions prior to 3.18.1 Description The default error handler Engine:: error writes the full exception message, exception code, and stack trace, including absolute filesystem paths, directly into the HTTP 500 response without debug...

PT-2026-37662

Name of the Vulnerable Software and Affected Versions NanoClaw affected versions not specified Description A host/container filesystem boundary issue exists in outbound attachment handling and outbox cleanup. A compromised or prompt-injected container can read files outside the intended outbox...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect setting of a special inode in hfsplus as of the SIFREG type, potentially leading to...

RHCOS 3 : OpenShift Container Platform 3.11.524 (RHSA-2021:3646)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3646 advisory. - kubernetes: Symlink exchange can allow host filesystem access CVE-2021-25741 Note that Nessus has not tested for this issue but has instead...

EUVD-2026-27363

In the Linux kernel, the following vulnerability has been resolved: ext4: always drain queued discard work in ext4mbrelease While reviewing recent ext4 patch1, Sashiko raised the following concern2: If the filesystem is initially mounted with the discard option, deleting files will populate...

EUVD-2026-27368

In the Linux kernel, the following vulnerability has been resolved: ext4: handle wraparound when searching for blocks for indirect mapped blocks Commit 4865c768b563 "ext4: always allocate blocks only from groups inode can use" restricts what blocks will be allocated for indirect block based files...

GHSA-9WHX-C884-C68Q Langflow Knowledge Bases API is Vulnerable to Path Traversal

Summary Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit thi...

Langflow Knowledge Bases API is Vulnerable to Path Traversal

Summary Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit thi...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter during a file upload operation. An attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process by supplyi...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter during a file upload operation. An attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process by supplyi...

CVE-2026-43066

CVE-2026-43066: In Linux kernel ext4_fc_replay_inode(), iloc.bh leak could occur on error paths due to missing brelse at several failure points. The patch adds an out_brelse label before the existing out label to ensure iloc.bh is released, and also makes ext4_fc_replay_inode() propagate errors i...