PT-2026-1029

Name of the Vulnerable Software and Affected Versions wasm3 versions up to 0.5.0 Description A flaw exists in wasm3 that could lead to memory corruption. The issue is related to the op SetSlot i32/op CallIndirect function within the m3 exec.h file. Manipulation of this function can trigger the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993138)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993138 advisory. In the Linux kernel, the following vulnerability has been resolved: vfio/type1: prevent underflow of lockedvm via exec When a vfio container is preserved across exec...

CVE-2025-69256 serverless MCP Server vulnerable to command injection in list-projects tool

The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This...

Serverless Framework 命令注入漏洞

Serverless Framework is a cloud service hosting tool from Serverless open source. A command injection vulnerability exists in Serverless Framework versions 4.29.0 through prior to 4.29.3, which stems from improper cleanup of input parameters to childprocess.exec, which could lead to remote code...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992343)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992343 advisory. In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Cleanup CPU timers before freeing them during exec Commit 55e8c8eb2c7b...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992342)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992342 advisory. In the Linux kernel, the following vulnerability has been resolved: vfio/type1: prevent underflow of lockedvm via exec When a vfio container is preserved across exec...

OSV-2025-1018 Stack-buffer-overflow in lre_exec

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=471304472 Crash type: Stack-buffer-overflow READ 8 Crash state: lreexec fuzzregexp.c...

EUVD-2022-55763

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix possible use-after-free in async command interface mlx5cmdcleanupasyncctx should return only after all its callback handlers were completed. Before this patch, the below race between mlx5cmdcleanupasyncctx and...

Oracle Linux 10 : httpd (ELSA-2025-23932)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-23932 advisory. - Resolves: RHEL-135052 - httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo CVE-2025-66200 - Resolves: RHEL-135035 -...

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

Moderate: Red Hat Security Advisory: go-rpm-macros security update

An update for go-rpm-macros is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

Moderate: Red Hat Security Advisory: go-rpm-macros security update

An update for go-rpm-macros is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

Moderate: Red Hat Security Advisory: go-rpm-macros security update

An update for go-rpm-macros is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common...

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...