Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001194)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001194 advisory. An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in...
CVE-2025-9142
CVE-2025-9142 concerns Harmony SASE Windows Client. Local users can trigger the client to write or delete files outside the intended certificate working directory due to insufficient validation in certificate processing before privileged service use. Symptoms described by Check Point indicate exp...
CVE-2023-29268
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s...
CVE-2025-62842
An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. We have already fixed the vulnerability in the following version:...
CVE-2025-62842 HBS 3 Hybrid Backup Sync
An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. We have already fixed the vulnerability in the following version:...
CVE-2025-62842
CVE-2025-62842 affects HBS 3 Hybrid Backup Sync. The issue is an external control of file name or path vulnerability. If an attacker gains local network access, they can read or modify files or directories. A fix is available in HBS 3 Hybrid Backup Sync version 26.2.0.938 and later (per multiple ...
QNAP Systems HBS 3 Hybrid Backup Sync Security Vulnerability
QNAP Systems HBS 3 Hybrid Backup Sync is a backup and synchronization tool from QNAP Systems Taiwan, China. A security vulnerability exists in QNAP Systems HBS 3 Hybrid Backup Sync that originates from external control of file names or paths, which could result in reading or modifying files or...
Directory Traversal
Overview: chainlit is a Build Conversational AI. Affected versions of this package are vulnerable to Directory Traversal via the updatethreadelement and deletethreadelement handlers in backend/chainlit/server.py. An authenticated attacker can read arbitrary files from the server by sending a craft...
Incorrect Permission Assignment for Critical Resource
Overview: Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource when handling attachments. An attacker can modify or delete files belonging to other users by sending crafted requests with low-level privileges. Remediation: Upgrade...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
CVE-2025-58097
The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege...
PT-2025-47666
Name of the Vulnerable Software and Affected Versions: LogStare Collector (affected versions not specified). Description: The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory a...
CVE-2025-36357
IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system...
Synology Contacts for DSM Cross-Site Scripting Vulnerability
Synology Contacts for DSM is a contact server provided by the Chinese company Synology. There is a security vulnerability in Synology Contacts for DSM, which allows attackers to bypass access restrictions and read or modify files...
Malicious code in typeorm-csv-troposphere-socketio (npm)
Source: amazon-inspector 2e73547aa88679589280af7f97832cc643441c415a7b0c69aa00448db76023b7. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187143 Malicious code in gemini-query-adonis-request (npm)
Source: amazon-inspector 88dc675516f0b833eb0fe5dc36d4860582128956738b97d038115774134b5bf4. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-181617 Malicious code in astam-ifit-dabzai (npm)
Source: amazon-inspector 9079b408c8588105c56db9d5b6f660fd8dd844abd6ad448e4620f9c83670e7eb. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...