Astra Linux – Vulnerability in Linux

The file arch/powerpc/kvm/book3srtas.c in the Linux kernel, as of version 5.13.5 on the PowerPC platform, allows KVM guest OS users to cause memory corruption in the host OS through rtasargs.nargs, also known as CID-f62f3c20647e...

EUVD-2026-35400

TYPO3 CMS has Broken Access Control in its File Abstraction Layer...

TYPO3 CMS has Broken Access Control in its File Abstraction Layer

Problem The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html...

GHSA-JF56-V8JC-JCC5 TYPO3 CMS has Broken Access Control in its File Abstraction Layer

Problem The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html...

CVE-2026-49738

The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...

CVE-2026-49738

The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...

CVE-2026-49742

CVE-2026-49742 affects TYPO3 CMS where Backend users with file download permissions can access files from the FAL fallback storage via the Media Module. The fallback storage resolves paths relative to the server document root, potentially exposing sensitive files (e.g., log files). Affected versi...

CVE-2026-49738 TYPO3 CMS - Broken Access Control in File Abstraction Layer

The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...

CVE-2026-49738 TYPO3 CMS - Broken Access Control in File Abstraction Layer

The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...

CVE-2026-49738

CVE-2026-49738 concerns TYPO3 CMS where a flawed check in GeneralUtility::isAllowedAbsPath() uses a plain string prefix instead of a directory boundary, allowing path strings like /var/www/html-other/secret.yaml to pass when project root is /var/www/html. This enables administrator users with acc...

TYPO3-CORE-SA-2026-016: Broken Access Control in File Abstraction Layer

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-016...

TYPO3-CORE-SA-2026-007: Broken Access Control in File Abstraction Layer

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-007...

PT-2026-47746

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions prior to 10.4.57 TYPO3 CMS versions 11.0.0 through 11.5.51 TYPO3 CMS versions 12.0.0 through 12.4.46 TYPO3 CMS versions 13.0.0 through 13.4.31 TYPO3 CMS versions 14.0.0 through 14.3.3 Description A path allowance check in th...

CVE-2026-8035

Technical details for CVE-2026-8035 are not publicly available in the provided documents. Monitor for updates from NI and security advisories.

Exploit for CVE-2026-9082

CVE-2026-9082 Type: SQL Injection CWE-89 Affected Pr...

[SECURITY] Fedora 42 Update: rust-astral-tokio-tar-0.6.1-1.fc42

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

[SECURITY] Fedora 44 Update: libmetal-2026.04.0-2.fc44

An abstraction layer across user-space Linux, baremetal, and RTOS environment s...

Security-Aware Planning and Control of Multi-Agent Systems with LTL Tasks

This paper presents a secure-by-construction planning and control framework for multi-agent systems subject to linear temporal logic LTL specifications. The framework protects sensitive information from a passive intruder with partial observations of the agents' motion. Security in multi-agent...

BIT-GDAL-2026-8084 OSGeo gdal HDF-EOS Grid File SWapi.c memmove out-of-bounds

A vulnerability was determined in OSGeo gdal up to 3.13.0. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has...

CVE-2026-8088 OSGeo gdal GDapi.c GDfieldinfo out-of-bounds

A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the...