Microsoft APM CLI's plugin.json component paths escape plugin root and copy arbitrary host files during install

Summary Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but the implementation does not enforce that those paths remain inside the plugin directory. A...

NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module

A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 "Copy Fail" — Technical Deep Dive Severity:...

CVE-2026-41589 Wish has SCP Path Traversal that allows arbitrary file read/write

Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server,...

EUVD-2026-28370

Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server,...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 — "Copy Fail" Safe Detection Script A read-o...

CLSA-2026-1777883924 nginx: Fix of CVE-2026-27654

CVE-2026-27654: fix heap buffer overflow in ngxhttpdavmodule COPY/MOVE with alias...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

Vulnerability Overview | Item | Content...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

Copy-fail-CVE-2026-31431-Exploit-in-C Discovery and original d...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 — Live Code Corruption via Page Cache A novel...

SUSE CVE-2026-43016

In the Linux kernel, the following vulnerability has been resolved: bpf: sockmap: Fix use-after-free of sk-sksocket in skpsockverdictdataready. syzbot reported use-after-free of AFUNIX socket's sk-sksocket in skpsockverdictdataready. 0 In unixstreamsendmsg, the peer socket's -skdataready is calle...

SUSE CVE-2026-43074

In the Linux kernel, the following vulnerability has been resolved: eventpoll: defer struct eventpoll free to RCU grace period In certain situations, epfree in eventpoll.c will kfree the epi-ep eventpoll struct while it still being used by another concurrent thread. Defer the kfree to an RCU...

SUSE CVE-2026-43075

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix out-of-bounds write in ocfs2writeendinline KASAN reports a use-after-free write of 4086 bytes in ocfs2writeendinline, called from ocfs2writeendnolock during a copyfilerange splice fallback on a corrupted ocfs2 filesyst...

SUSE CVE-2026-43091

In the Linux kernel, the following vulnerability has been resolved: xfrm: Wait for RCU readers during policy netns exit xfrmpolicyfini frees the policybydst hash tables after flushing the policy work items and deleting all policies, but it does not wait for concurrent RCU readers to leave their...

SUSE CVE-2026-43092

In the Linux kernel, the following vulnerability has been resolved: xsk: validate MTU against usable frame size on bind AFXDP bind currently accepts zero-copy pool configurations without verifying that the device MTU fits into the usable frame space provided by the UMEM chunk. This becomes a...

SUSE CVE-2026-43254

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - fix packet extraction from stream When processing TCP stream data in ovpntcprecv, we receive large cloned skbs from strprcv that may contain multiple coalesced packets. The current implementation has two bugs: 1. Head...

Linux Distros Unpatched Vulnerability : CVE-2026-43199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: Fix scheduling while atomic in IPsec MAC address query Fix a scheduling while atomic bug in mlx5eipsecinitmacs by replacing mlx5querymacaddress with...

CVE-2026-43214

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM for x86 architectures. When reading Page Directory Pointer Table Registers PDPTRs in the getsregs2 function, the system fails to use proper Sleepable Read-Copy Update SRCU protection. This oversight can lead to incorrect memo...

Advisory ROSA-SA-2026-3259

software: kernel-5.10 5.10.244 WASP: ROSA-CHROME unaffected versions = kernel-5.10-5.10.244-2 affected versions kernel-5.10-5.10.244-2 CVE-ID: CVE-2026-31431 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in the Linux kernel crypto subsystem crypto: algifaead. Attempts to perform AEAD...

CVE-2026-34462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...