CVE-2026-43066

In the Linux kernel, the following vulnerability has been resolved: ext4: fix iloc.bh leak in ext4fcreplayinode error paths During code review, Joseph found that ext4fcreplayinode calls ext4getfcinodeloc to get the inode location, which holds a reference to iloc.bh that must be released via brels...

CLSA-2026-1777946242 php: Fix of 13 CVEs

CVE-2018-14883: fix int overflow leading to heap overflow in exifthumbnailextract - CVE-2019-6977: fix imagecolormatch out-of-bounds write on heap in GD - CVE-2019-9022: fix memcpy with negative length via crafted DNS response - CVE-2019-9640: fix invalid read in exifprocessSOFn - CVE-2019-11042:...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient input validation by the FileSystem, which could allow remote attackers to execute...

PT-2026-37068

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ext4 filesystem where pending discard work is not properly handled during remounting. If a filesystem is initially mounted with the discard option and files are...

PT-2026-37066

In the Linux kernel, the following vulnerability has been resolved: xfs: don't irele after failing to iget in xfs attri recover work xlog recovery iget never set @ip to a valid pointer if they return an error, so this irele will walk off a dangling pointer. Fix that...

OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes

Summary OpenShell FS bridge reads pin and verify the opened file before returning bytes Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact A time-of-check/time-of-use race around OpenShell sandbox filesystem reads could let a...

GHSA-5H3G-6XHH-RG6P OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes

Summary OpenShell FS bridge reads pin and verify the opened file before returning bytes Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact A time-of-check/time-of-use race around OpenShell sandbox filesystem reads could let a...

CVE-2026-41686 Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes...

Exploit for CVE-2025-40271

🔴 CVE-2025-40271: Vulnerabilidad Crítica de Uso-After-Free en...

PT-2026-38245

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.22 Description A time-of-check/time-of-use TOCTOU race condition exists in OpenShell sandbox filesystem writes. This flaw allows attackers to use symlink swaps during filesystem operations to bypass sandbox...

PT-2026-37204

Name of the Vulnerable Software and Affected Versions AzuraCast versions prior to 0.23.6 Description An issue exists in the Flow.js media upload endpoint 'POST /api/station/station id/files/upload' where the currentDirectory request parameter is not sanitized for path traversal sequences. When...

Linux Kernel proc_readdir_de() 6.18-rc5 - Local Privilege Escalation

Exploit Title: Linux Kernel procreaddirde 6.18-rc5 - Local Privilege Escalation CVE: CVE-2025-40271 Date: 2026-03-19 Exploit Author: Aviral Srivastava Vendor: Linux Kernel kernel.org Affected: 3.14+ through 6.18-rc5 bug predates version tracking Fixed in stable: 5.10.247, 6.1.159, 6.12.73, 6.18-r...

PT-2026-38246

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.22 Description A time-of-check/time-of-use TOCTOU race condition exists in the OpenShell filesystem bridge. This issue allows attackers to use symlink swaps during filesystem operations to bypass sandbox...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Do not create EA inodes under the buffer lock The ext4xattrsetentry function creates new EA inodes while holding the buffer lock on the external xattr block. This is problematic because all allocation-related locking...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: Fixed an error in counting reservedcblocks when there is no space available. When a file requires only one directnode, performing the following operations will cause the file to become unrecoverable: bash unisoc...

Astra Linux - уязвимость в linux

A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Fixed the reference count leak in nfsdsetfhdentry. nfsd exports a “pseudo root filesystem” which is used by NFSv4 to find the various exported filesystems using LOOKUP requests from a known root filehandle. NFSv3 uses th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed scheduling issues during atomic decompression operations 16.945668 C0 Call trace: 16.945678 C0 dumpbacktrace+0x110/0x204 16.945706 C0 dumpstacklvl+0x84/0xbc 16.945735 C0 schedulebug+0xb8/0x1ac 16.945756 C0...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ovl: Use the “buf” flexible array as the destination for memcpy. The “buf” flexible array must be used as the destination for memcpy to avoid false positive run-time warnings caused by the recent FORTIFYSOURCE hardening measures:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ovl: fixed null pointer dereference in ovlgetaclrcu The following processes are involved: P1 P2 pathopenat linkpathwalk maylookup inodepermissionrcu ovlpermission aclpermissioncheck checkacl getcachedaclrcu ovlget inodeacl...