239 matches found
RLSA-2026:21757 Important: flatpak security update
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...
Important: Red Hat Security Advisory: flatpak security update
An update for flatpak is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
ALSA-2026:21757 Important: flatpak security update
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...
PT-2026-42173
Name of the Vulnerable Software and Affected Versions Twig affected versions not specified Description The Compiler::string function fails to escape single quotes when generating PHP double-quoted string literals. In ModuleNode::compileConstructor, template names from a % use % tag are processed...
CVE-2026-6636
A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulation of the argument pathname results in path traversal. It is possible to initiate the attack...
CVE-2025-14815
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and...
SUSE-SU-2026:20928-1 Security update for python-black
This update for python-black fixes the following issues: - CVE-2026-31900: a malicious pyproject.toml edit can lead to arbitrary code execution bsc1259546. - CVE-2026-32274: arbitrary file writes from unsanitized user input in cache file name bsc1259608...
OPENSUSE-SU-2026:20417-1 Security update for python-black
This update for python-black fixes the following issues: - CVE-2026-31900: a malicious pyproject.toml edit can lead to arbitrary code execution bsc1259546. - CVE-2026-32274: arbitrary file writes from unsanitized user input in cache file name bsc1259608...
openSUSE 15 Security Update : python-black (SUSE-SU-2026:0900-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:0900-1 advisory. This update for python-black fixes the following issue: - CVE-2026-32274: arbitrary file writes from unsanitized user input in cache file name bsc1259608...
Arbitrary File Write
Black is vulnerable to Arbitrary File Write. The vulnerability is due to improper sanitization of the --python-cell-magics option when constructing cache file names, allowing attackers to manipulate the file path and write cache files to arbitrary locations on the filesystem...
SUSE-SU-2026:0900-1 Security update for python-black
This update for python-black fixes the following issue: - CVE-2026-32274: arbitrary file writes from unsanitized user input in cache file name bsc1259608...
SUSE CVE-2026-32274
Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...
Linux Distros Unpatched Vulnerability : CVE-2026-32274
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. Th...
CVE-2026-32274
A user input sanitization flaw has been discovered in the Black python code formatter. Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker...
CVE-2026-32274 Black: Arbitrary file writes from unsanitized user input in cache file name
Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...
CVE-2026-32274 Black: Arbitrary file writes from unsanitized user input in cache file name
Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...
Black: Arbitrary file writes from unsanitized user input in cache file name
Impact Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the value of this argument to write cache files to arbitrary file...
UBUNTU-CVE-2026-2604
insecure local cache file removal...
MiracleLinux 7 : fontconfig-2.10.95-10.el7 (AXSA:2016-1121:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-1121:01 advisory. Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications. Security issues fixed with this...
CVE-2025-23365
A vulnerability has been identified in TIA Administrator All versions V3.0.6. The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and exceute arbitrary code...