CLSA-2026-1776687226 Fix CVE(s): CVE-2024-52005
SECURITY UPDATE: ANSI escape sequence injection via sideband - debian/patches/CVE-2024-52005.patch: add strbufaddsanitized to mask control characters in sideband output in sideband.c. - CVE-2024-52005...
USN-8098-10 linux-raspi, linux-raspi-5.4 vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local...
Exploit for CVE-2026-3462
CVE-2026-3462 Acrobat Reader | Improperly Controlled Modifica...
CVE-2026-6644
A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component...
firefox: thunderbird: Sandbox escape in the Responsive Design Mode component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the Responsive Design Mode component...
firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to use-after-free in the Disability Access APIs component...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Telemetry component...
PT-2026-33863
OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files...
PraisonAI OS Command Injection Vulnerability (CNVD-2026-18145)
PraisonAI is a low-code multi-agent collaboration framework. PraisonAI suffers from an operating system command injection vulnerability that stems from the fact that SubprocessSandbox relies on string pattern matching to block dangerous commands in all modes and the block list does not...
Debian dsa-6207 : flatpak - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6207 advisory. Debian Security Advisory DSA-6207-1 [email protected] https://www.debian.org/securit...
PT-2026-33831
Name of the Vulnerable Software and Affected Versions Flowsint affected versions not specified Description Flowsint is an open-source OSINT graph exploration tool used for cybersecurity investigation, transparency, and verification. A remote attacker can create a sketch and trigger the org to asn...
Exploit for CVE-2026-39808
🚨 FortiSandbox Root Sandbox Escape - CVE-2026-39808 ----...
GHSA-XJVP-7243-RG9H Wish has SCP Path Traversal that allows arbitrary file read/write
Summary The SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server, and create directories outside the configured root directory by sending crafted filenames containing ../...
Zio has SubFileSystem Path Confinement Bypass via Unresolved `..` Segment
Summary SubFileSystem fails to confine operations to its declared sub path when the input path is /../ or equivalents /../, /..\. This path passes all validation but resolves to the root of the parent filesystem, allowing directory level operations outside the intended boundary. Affected Componen...
SUSE SLED15 / SLES15 Security Update : iproute2 (SUSE-SU-2026:1418-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1418-1 advisory. This update for iproute2 fixes the following issue: - CVE-2024-58251: denial of service via terminal escape sequences...
PT-2026-37134
Name of the Vulnerable Software and Affected Versions Wish versions 2.0.0 through 2.0.0 Description The SCP middleware in charm.land/wish/v2 is subject to path traversal. A malicious SCP client can read and write arbitrary files, as well as create directories outside the configured root directory...
SUSE CVE-2026-41082
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...
Arbitrary Code Injection
Overview org.webjars.npm:math-codegen is a package that generates code from mathematical expressions. Affected versions of this package are vulnerable to Arbitrary Code Injection via the parse function. An attacker can execute arbitrary code by supplying crafted input that is injected directly into a dynamical...