14 matches found
GO-2026-4858 BuildKit's Malicious frontend can cause file escape outside of storage root in github.com/moby/buildkit
BuildKit's Malicious frontend can cause file escape outside of storage root in github.com/moby/buildkit...
CVE-2026-33747
CVE-2026-33747 affects BuildKit prior to v0.28.1. When using a custom BuildKit frontend, an untrusted frontend can craft an API message to cause files to be written outside the BuildKit state directory for the execution context, potentially enabling local privilege escalation or unauthorized file...
CVE-2026-33747 BuildKit vulnerable to malicious frontend causing file escape outside of storage root
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...
EUVD-2026-16518
BuildKit's Malicious frontend can cause file escape outside of storage root...
GHSA-4C29-8RGM-JVJJ BuildKit's Malicious frontend can cause file escape outside of storage root
Impact: When using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. Patches: The issue has been fixed in v0.28.1+. Workarounds: Issue requires using an untrusted BuildKit frontend set...
Security update for go1.26-openssl
This update for go1.26-openssl fixes the following issues: Update to go 1.26.1 bsc1255111, jscSLE-18320: CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. CVE-2026-27138: crypto/x509:...
Linux Distros Unpatched Vulnerability : CVE-2020-5253
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is...
CVE-2021-33638
CVE-2021-33638 — In iSulad, using the isula cp command to copy files from a container to the host can allow container escape when the container is controlled by an attacker. The vulnerability is reflected in multiple EulerOS/Red Hat advisories and OpenVAS entries that list CVE-2021-33638 among re...
UBUNTU-CVE-2023-2861
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...
Stored XSS vulnerability in Code Coverage API Plugin
Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view. This results in a stored cross-site scripting vulnerability that can be exploited by users able to change the job configuration. Code Coverage API Plugin 1.1.3 escapes the filename of...
CVE-2022-0840
The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the imagefile field when adding a new social icon, allowing high privileged users to inject arbitrary JavaScript even when the unfiltered_html capability is disallowed...
CVE-2022-0840
The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the imagefile field when adding a new social icon, allowing high privileged users to inject arbitrary JavaScript even when the unfiltered_html capability is disallowed...
CVE-2021-40153
A flaw was found in Squashfs-tools, where it is vulnerable to attacks similar to zip-slip. During extraction, a file can escape the destination directory either via the '../' string to access the parent directory or via symlinks. This flaw allows a specially crafted squashfs archive to install or...
vivi thief program the backstage management system background to take the shell with the breakthrough in License verification-vulnerability and early warning-the black bar safety net
A brief introduction to this program: it is a "thief" program, that is, it has no database, so there is no so-called SQL injection. The administrator account and password are all stored in plaintext in /admin/data.php. The default background path: /admin/index.php Default account password: admin...