25 matches found

CVE
added 2026/05/27 5:33 p.m., 5 views

CVE-2026-45089

Dalfox AOSS (CVE-2026-45089) allows unauthenticated arbitrary file creation/append when running in REST server mode. Before v2.13.0, the API accepts attacker-controlled OutputFile, OutputAll, and Debug in model.Options; the logger writes to the attacker-specified path via os.OpenFile with O_APPEN...

CVSS 8.2, AI score 5.8, EPSS 0.0005
Exploits 0, References 2
OSV
added 2026/05/12 3:8 p.m., 4 views

GHSA-8HF9-3Q64-Q2QF Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option

Summary When dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through dalfox.Initialize into the scan engine's logging path. The logger opens the...

CVSS 8.2, AI score 6, EPSS 0.0005
Exploits 0, References 3
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: recordmcount: Fix memory leaks in the uwrite function Common realloc mistake: 'file_append' nulled but not freed upon failure...

CVSS 5.5, AI score 4.9, EPSS 0.00017
Exploits 0, References 2
Tenable Nessus
added 2026/03/05 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005728)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005728 advisory. In the Linux kernel, the following vulnerability has been resolved: recordmcount: Fix memory leaks in the uwrite function Common realloc mistake: 'file_append' nulled...

CVSS 5.5, AI score 5.9, EPSS 0.00017
Exploits 0, References 4
Tenable Nessus
added 2026/03/04 12:0 a.m., 0 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005423)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005423 advisory. In the Linux kernel, the following vulnerability has been resolved: recordmcount: Fix memory leaks in the uwrite function Common realloc mistake: 'file_append' nulled...

CVSS 5.5, AI score 5.9, EPSS 0.00017
Exploits 0, References 4
RedhatCVE
added 2026/02/08 1:21 a.m., 2 views

CVE-2026-25628

Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled on_disk.log_file path. Minimal privileges are required (read-only access). This vulnerability is fixed in 1.16.0...

CVSS 8.8, AI score 5.5, EPSS 0.00024
Exploits 1, References 1
NVD
added 2026/02/06 9:16 p.m., 3 views

CVE-2026-25628

Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled on_disk.log_file path. Minimal privileges are required (read-only access). This vulnerability is fixed in 1.16.0...

CVSS 8.8, EPSS 0.00024
Exploits 1, References 3
Tenable Nessus
added 2025/12/30 12:0 a.m., 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992515)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992515 advisory. In the Linux kernel, the following vulnerability has been resolved: recordmcount: Fix memory leaks in the uwrite function Common realloc mistake: 'file_append' nulled...

CVSS 5.5, AI score 5.8, EPSS 0.00017
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2005-4268

Malware in sbrugna...

CVSS 2.1, AI score 6.4, EPSS 0.00063
Exploits 0, References 7
SUSE CVE
added 2025/09/16 11:29 p.m., 2 views

SUSE CVE-2023-53318

In the Linux kernel, the following vulnerability has been resolved: recordmcount: Fix memory leaks in the uwrite function Common realloc mistake: 'file_append' nulled but not freed upon failure...

CVSS 5.5, AI score 6.5, EPSS 0.00017
Exploits 0, References 3
RedhatCVE
added 2025/09/16 7:0 p.m., 3 views

CVE-2023-53318

In the Linux kernel, the following vulnerability has been resolved: recordmcount: Fix memory leaks in the uwrite function Common realloc mistake: 'file_append' nulled but not freed upon failure...

CVSS 5.5, AI score 5.9, EPSS 0.00017
Exploits 0, References 4
OSV
added 2025/09/16 5:15 p.m., 1 views

DEBIAN-CVE-2023-53318

In the Linux kernel, the following vulnerability has been resolved: recordmcount: Fix memory leaks in the uwrite function Common realloc mistake: 'file_append' nulled but not freed upon failure...

CVSS 5.5, AI score 5.3, EPSS 0.00017
Exploits 0, References 1
OSV
added 2025/09/16 5:15 p.m., 0 views

UBUNTU-CVE-2023-53318

In the Linux kernel, the following vulnerability has been resolved: recordmcount: Fix memory leaks in the uwrite function Common realloc mistake: 'file_append' nulled but not freed upon failure...

CVSS 5.5, AI score 5.9, EPSS 0.00017
Exploits 0, References 11
OSV
added 2025/09/16 4:11 p.m., 2 views

CVE-2023-53318 recordmcount: Fix memory leaks in the uwrite function

In the Linux kernel, the following vulnerability has been resolved: recordmcount: Fix memory leaks in the uwrite function Common realloc mistake: 'file_append' nulled but not freed upon failure...

CVSS 5.5, AI score 4.9, EPSS 0.00017
Exploits 0, References 11
Positive Technologies
added 2025/09/16 12:0 a.m., 1 views

PT-2025-38036

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a memory leak in the uwrite function within the recordmcount component. This issue stems from a common realloc mistake where memory allocated for file append ...

AI score 6.1, EPSS 0.00017
Exploits 0, References 10
Debian CVE
added 2024/05/20 9:48 a.m., 29 views

CVE-2024-36001

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the pre-flush when appending to a file in writethrough mode In netfs_perform_write, when the file is marked NETFS_ICTX_WRITETHROUGH or O_*SYNC or RWF_*SYNC was specified, write-through caching is performed on a buffered file...

CVSS 7.8, AI score 6.7, EPSS 0.00032
Exploits 0
Positive Technologies
added 2023/11/01 12:0 a.m., 2 views

PT-2023-6687

Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300 Description: An unsafe variable extraction issue exists in the bitrix/modules/main/classes/general/user_options.php file. This allows remote authenticated attackers to execute arbitrary code through two methods:...

CVSS 9, AI score 8.7, EPSS 0.03024
Exploits 1, References 15
SUSE CVE
added 2023/02/15 6:8 a.m., 2 views

SUSE CVE-2008-2401

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications...

CVSS 7.5, AI score 7.2, EPSS 0.01572
Exploits 0, References 3
CNVD
added 2020/04/20 12:0 a.m., 8 views

Unspecified Vulnerability in KDE KMail (CNVD-2021-31481)

KDE KMail is an e-mail component of Kontact personal information management suite from the KDE community. A security vulnerability exists in KDE KMail versions prior to 19.12.3. An attacker could use this vulnerability to cause KMail to append a local file to a written email message without...

CVSS 6.5, AI score 6.2, EPSS 0.00269
Exploits 0, References 1
ATTACKERKB
added 2016/11/24 7:59 p.m., 1 views

CVE-2016-2996

IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors...

CVSS 6.5, AI score 5.8, EPSS 0.0015
Exploits 0, References 2