7280 matches found
CVE-2026-0772
Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability. The specific flaw exists within the disk...
UBUNTU-CVE-2026-24137
sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...
CVE-2026-24137
sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...
CVE-2026-24137 sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal
sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...
CVE-2026-24137
sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...
Langflow code issues and vulnerabilities
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has code-related vulnerabilities; these vulnerabilities stem from the lack of validation for data provided by the disk caching service, which may lead to the...
sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal
Summary: The legacy TUF client pkg/tuf/client.go, which supports caching target files to disk, constructs a filesystem path by joining a cache base directory with a target name sourced from signed target metadata, but it does not validate that the resulting path stays within the cache base...
Azure Linux 3.0 Security Update: zziplib (CVE-2024-39134)
The version of zziplib installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39134 advisory. - A Stack Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via...
Azure Linux 3.0 Security Update: qemu (CVE-2023-42467)
The version of qemu installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-42467 advisory. - QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because...
Azure Linux 3.0 Security Update: kubernetes (CVE-2025-0426)
The version of kubernetes installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-0426 advisory. - A security issue was discovered in Kubernetes where a large number of container checkpoint requests made ...
Security information for Hitachi Disk Array Systems
Overview: CVE-2025-54100 | PowerShell Remote Code Execution Vulnerability; CVE-2025-55233 | Windows Projected File System Elevation of Privilege Vulnerability; CVE-2025-59516 | Windows Storage VSP Driver Elevation of Privilege Vulnerability; CVE-2025-59517 | Windows Storage VSP Driver Elevation of...
Restore to AWS EC2 Fails with: "ClientError: Unknown OS / Missing OS files."
Challenge: When restoring a VM to AWS EC2, the following error occurs: StatusMessage: "CLIENTERROR : ClientError: Unknown OS / Missing OS files." Cause: This issue occurs because Amazon recently began encrypting disks upon creation, resulting in new disks containing random data rather than zeros...
CVE-2026-21696
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...
Infinite loop
Overview: Affected versions of this package are vulnerable to Infinite loop due to improper handling of the SQLite maximum parameter limit in the activitycron component. An attacker can cause the system to repeatedly re-upload and reprocess the same activity log data by triggering a condition wher...
CVE-2026-21696
Wings (Pterodactyl) security issue CVE-2026-21696 affects versions from 1.7.0 up to, but not including, 1.12.0. The bug arises from not honoring SQLite’s max parameter limit (32766) when deleting activity log entries, causing a query to fail with “too many SQL variables.” As a result, processed activity entries a...
CVE-2026-21696
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...
SUSE-SU-2026:20382-1 Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise kernel 6.4.0-34.1 fixes various security issues. The following security issues were fixed: - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251787). - CVE-2025-39682: tls: fix handling of zero-length records on the...
PT-2026-3490
Name of the Vulnerable Software and Affected Versions: Wings versions 1.7.0 through 1.11.9. Description: Wings, the server control plane for Pterodactyl, is affected by an issue where it does not account for SQLite’s maximum parameter limit when handling activity log entries. This allows a...
Wings Resource Management Error Vulnerability
Wings is the server control interface for Pterodactyl Panel. In versions 1.7.0 to 1.12.0 of Wings, there was a resource management vulnerability. This vulnerability stemmed from not considering the maximum parameter limits of SQLite, which could lead to exhaustion of the database server’s disk...
Synology DiskStation Manager Cross-Site Request Forgery (CVE-2024-45538)
Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors. This plugin only works wit...