21825 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-43154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: erofs: fix incorrect early exits in volume label handling Crafted EROFS images containing...
PT-2026-38581
Name of the Vulnerable Software and Affected Versions Microsoft Partner Center affected versions not specified Description An externally controlled reference to a resource in another sphere allows an unauthorized attacker to perform spoofing over a network. Recommendations At the moment, there is...
PT-2026-38414
Name of the Vulnerable Software and Affected Versions gittuf versions prior to 0.14.0 Description An attacker with push access to the Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. This occurs because gittuf determines the...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016492)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016492 advisory. OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted ...
Linux Distros Unpatched Vulnerability : CVE-2026-43106
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix incorrect dentry refcount in cachefilescull The patch mentioned below change...
Linux Distros Unpatched Vulnerability : CVE-2026-43177
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: ipu6: Fix RPM reference leak in probe error paths Several error paths in ipu6pciprobe were jumping directly to outipu6busdeldevices without releasing the...
CGA-RX9X-25F6-MVC3
Bulletin has no description...
GHSA-9W9C-9W8M-W89Q ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH session data
Summary GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated flag, timestamps belonging to any other namespace...
CVE-2026-43582
creationtimestamp| type| source ---|---|--- 2026-05-06 21:36:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml7ntpxucl2e...
CVE-2026-43193
A flaw was found in the Linux kernel's Network File System Daemon nfsd. A reference count leak in the nfsdgetdirdeleg function can lead to resource exhaustion. This vulnerability, if repeatedly triggered, may allow an attacker to cause a Denial of Service DoS by consuming available system resourc...
CVE-2026-43179
A flaw was found in the Linux kernel's EROFS filesystem. An attacker could provide a specially crafted EROFS image with metadata compression enabled. This could trigger incorrect early returns within the kernel, leading to folio reference leaks. While this issue does not cause system crashes or...
CVE-2026-33441
This CVE is a duplicate of another CVE: CVE-2026-33079...
CVE-2026-43177
A flaw was found in the Linux kernel's ipu6 driver. This issue occurs due to a runtime Power Management PM reference leak in the driver's probe error paths. When errors occur during device initialization, PM references are not properly released, which can lead to resource exhaustion and potential...
CVE-2026-43167
A flaw was found in the Linux kernel's xfrm subsystem, which handles IPsec Internet Protocol Security transformations. This vulnerability is caused by a reference count leak in xfrmstate objects when a network device is unregistered. An attacker with local access and privileges to configure netwo...
CVE-2026-43165
A flaw was found in the Linux kernel's hwmon subsystem, specifically in the nct7363 driver. This resource leak occurs in the nct7363presentpwmfanin function because a device node reference is not properly released after being acquired. An attacker with local access could potentially exploit this ...
CVE-2026-43585 OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution
OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...
CVE-2026-43585 OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution
OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...
GHSA-7545-FCXQ-7J24 GitPython reference APIs has a path traversal vulnerability that allows arbitrary file write and delete outside the repository
🧾 Summary A vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and...
GitPython reference APIs has a path traversal vulnerability that allows arbitrary file write and delete outside the repository
🧾 Summary A vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and...
Directory Traversal
Overview GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Directory Traversal through insufficient validation of reference paths in the creation, renaming, and deletion. An attacker can write, overwrite, move, or delete files...