Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...

PT-2026-44197

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

RHEL 9 : httpd (RHSA-2026:21391)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21391 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp:...

RHEL 10 : httpd (RHSA-2026:21433)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21433 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp:...

flatpak security update

1.12.9-4 - Fix arbitrary code execution via crafted symlinks in sandbox-expose options Resolves: RHEL-165633 - Fix arbitrary file deletion on host via improper cache file path validation Resolves: RHEL-170160...

ALSA-2026:21756 Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...

UBUNTU-CVE-2026-47331

Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free UAF and, theoretically, arbitrary code execution...

ALSA-2026:21755 Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...

PT-2026-44480

Name of the Vulnerable Software and Affected Versions Ubuntu Linux version 6.8 Description AppArmor SAUCE patches fail to acquire a lock when modifying a linked list. This allows an unprivileged local user to trigger a race condition, which can lead to a use-after-free UAF—a situation where a...

Debian dsa-6304 : libunbound-dev - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6304 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6304-1 [email protected] https://www.debian.org/securit...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the dynamic evaluation of user-supplied algorithm code in the script evaluation engine. An attacker can execute arbitrary operating system commands by injecting malicious Jython code through the REST API whe...

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the updateAlgorithm process. An attacker can execute arbitrary code on the server by supplying crafted JavaScript payloads that are evaluated without...

CVE-2026-45152

uniget is a universal installer and updater for container tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without...

CVE-2026-45991

A flaw was found in the Linux kernel's Universal Disk Format UDF filesystem. A remote attacker could exploit this vulnerability by tricking a user into mounting a specially crafted UDF image containing repeated partition descriptors. This could lead to a heap out-of-bounds write, potentially...

CVE-2026-46004

A flaw was found in the Linux kernel, specifically within the ALSA caiaq driver. This vulnerability arises from improper error handling during the setupcard probe procedure. When an error occurs, the system may attempt to use memory that has already been freed, leading to a Use-After-Free UAF...

CVE-2026-45152

CVE-2026-45152 affects uniget prior to 0.27.1, where a command injection is possible via the check field loaded from untrusted JSON metadata. The implementation runs /bin/bash -c on tool.Check, allowing an attacker-controlled value to execute arbitrary shell commands during common operations (des...

CVE-2026-45152

uniget is a universal installer and updater for container tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without...

CVE-2026-45152 uniget: Command Injection in tool.Check Leading to Arbitrary Code Execution

uniget is a universal installer and updater for container tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without...

EUVD-2026-32670

uniget is a universal installer and updater for container tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without...

CVE-2026-45152 uniget: Command Injection in tool.Check Leading to Arbitrary Code Execution

uniget is a universal installer and updater for container tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without...