CVE-2026-13595 Util-linux: util-linux: heap use-after-free in libblkid nested partition probing

A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be...

CVE-2026-13595

CVE-2026-13595 affects libblkid in util-linux. During nested partition probing, BSD/Minix/Solaris x86/UnixWare probers cache a parent partition pointer in a dynamically allocated array; on reallocation, the pointer becomes stale, causing a heap use-after-free read. An attacker with access to a cr...

CVE-2026-12975

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

Malicious code in rstreams-shard-util (npm)

The rstreams-shard-util npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

Astra Linux – Vulnerability in util-linux

The wall function in util-linux up to version 2.40 is often installed with setgid and tty permissions. This allows escape sequences to be sent to other users’ terminals via argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocke...

Astra Linux – Vulnerability in OpenVSwitch

It has been discovered that openvswitch 2.17.8 contains a memory leak due to the xmalloc function in openvswitch-2.17.8/lib/util.c...

Astra Linux – Vulnerability in Flatpak

Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. The flatpak-builder command applies the finish-args option last in the build process. At this point, the build directory will have full acce...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: sched: Fixed out-of-bound access in uclamp. Util-clamp places tasks into different buckets based on their clamp values for performance reasons. However, the size of the buckets is currently computed using a rounding division, whi...

Important Photon OS Security Update - PHSA-2026-5.0-0885

Updates of 'util-linux', 'jq', 'rsync' packages of Photon OS have been released...

CVE-2025-71321

picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.fileutil.writefile. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code...

Linux Distros Unpatched Vulnerability : CVE-2026-53614

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Local Privilege Escalation via LIBMOUNTFORCEMOUNT2 Environment Variable - nosuid/noexec Bypass in SUID mount8...

Linux Distros Unpatched Vulnerability : CVE-2026-53612

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Local Privilege Escalation via TOCTOU in mount8 hookowner.c chmod/chown CVE-2026-53612 Note that Nessus relies o...

Linux Distros Unpatched Vulnerability : CVE-2026-53613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - upstream upgrade with security fixes: - CVE-2026-53612 - libmount: TOCTOU attack via ancestor directory swap during mount - CVE-2026-53613 - libmount: SUID bypa...

Linux Distros Unpatched Vulnerability : CVE-2026-53615

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Integer Overflow or Wraparound in libblkid/src/partitions/dos.c CVE-2026-53615 Note that Nessus relies on the...

PT-2026-49303

Name of the Vulnerable Software and Affected Versions Vector version 0.54.0 Description An issue in the '/util/http/prelude.rs' endpoint allows attackers to cause a Denial of Service DoS, which is a condition where a service becomes unavailable to its intended users, by sending a crafted request ...

CVE-2026-39197

Summary: CVE-2026-39197 affects Datadog Vector v0.54.0 with a vulnerability in the /util/http/prelude.rs endpoint that can trigger a Denial of Service (DoS) via a crafted request or payload. The CVSS-derived metrics indicate NETWORK attack vector, low attack complexity, required privileges, and h...

CVE-2026-53609 Apostrophe has Server-Side Prototype Pollution in apos.util.set via patch operators that leads to process-wide authorization bypass

ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, apos.util.set traverses dot-notation paths without sanitizing proto, allowing an authenticated editor to write arbitrary values to Object.prototype via the $pullAll patch operator. A confirm...

CVE-2026-53609

CVE-2026-53609 involves ApostropheCMS (Node.js) up to version 4.30.0, where apos.util.set() can traverse dot-notation paths and fail to sanitize proto , enabling an authenticated editor to write arbitrary values to Object.prototype via the $pullAll patch operator. A confirmed gadget in publicApiC...

EulerOS Virtualization 2.13.0 : util-linux (EulerOS-SA-2026-2420)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check- Time-of-Use vulnerabilit...