36 matches found
PT-2026-37518
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A flaw exists in the procfs component within the do_procmap_query function. When a user provides an incorrectly sized buffer for the build ID during a PROCMAP_QUERY, the system returns a...
WWBN AVideo Operating System Command Injection Vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained an operating system command injection vulnerability. This vulnerability stemmed from an incomplete fix in the test.php file, which did not clean up the...
CVE-2026-33481 Syft improper temporary file cleanup
Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not properly clean up temporary storage if the temporary storage was exhausted during a scan. When scanning archives, Syft will unpack those...
GO-2026-4809 Syft improper temporary file cleanup in github.com/anchore/syft
Syft improper temporary file cleanup in github.com/anchore/syft...
RealtyScript Cross-Site Scripting Vulnerability
RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript contains a cross-site scripting vulnerability. This vulnerability stems from improper cleanup of uploaded files, which may allow attackers to store malicious scripts through the fi...
📄 libvips 8.19.0 VIPS Image Extraction Crash / Auditor
This Python script performs a comprehensive security and stability audit of the vips image processing binary. It tests the extract_area function using extreme int32 and uint32 values as well as normal ranges to detect crashes, memory corruption, or buffer overflows. The audit automates setup,...
CVE-2026-2531
A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The...
OSV-2025-989 Bad-cast to UT_hash_bucket' (aka 'struct UT_hash_bucket')password_file__cleanup
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=468922225 Crash type: Bad-cast Crash state: Bad-cast to UT_hash_bucket' (aka 'struct UT_hash_bucket')password_file__cleanup mosquitto_security_cleanup_default broker_fuzz_password_file.cpp...
OSV-2025-932 Heap-use-after-free in password_file__cleanup
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=462551340 Crash type: Heap-use-after-free READ 8 Crash state: password_file__cleanup mosquitto_security_cleanup_default broker_fuzz_password_file.cpp...
Fedora 42 : openapi-python-client (2025-16b2da653e)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-16b2da653e advisory. - add patch to remove dependency upper bound versions - remove obsolete patches that updated upper bound versions - clean up spec file formatting Tenable has...
EUVD-2022-55516
Malicious code in bioql PyPI...
EUVD-2023-2763
Malicious code in bioql PyPI...
Partner Software and Partner Software Partner Web Security Vulnerability
Partner Software and Partner Software Partner Web are both products of Partner Software, a U.S.-based company. Partner Software is a geographic information system application. Partner Software Partner Web is a back-end system that provides review of reports on the Partner Software is a GIS...
CVE-2025-5100
A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution...
Aim Path Traversal Vulnerability
Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. Aim version 3.22.0 suffers from a path traversal vulnerability that stems from the LocalFileManager.cleanup function failing to validate a file path, which could lead to arbitrary file deletion...
olcne security update
1.8.1-2 - Cleanup spec file 1.8.1-1 - Fix OLM upgrade failure - upgrade from 0.17.0 to 0.23.1 failed due to a couple of crds missing - Add hostpathRequiresPrivilged value to rook template cr to be passed to module operator - Fixed Istio-1.18 and Istio-1.19 installation on aarch64 architecture -...
WordPress Plugin CITS Support svg, webp Media and TTF,OTF File Upload Cross Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin CITS Support svg, webp Med...
SUSE CVE-2015-5706
Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation...
SUSE CVE-2016-9914
Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations...
PT-2022-35405 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue is related to io_uring/af_unix, where registered files gc is deferred to io_uring release. The actual impact and attack plausibility have not yet been proven. Recommendations: For...