165 matches found

RedhatCVE
added 2026/06/01 1:57 p.m. | 8 views

CVE-2026-46242

A flaw was found in the Linux kernel's eventpoll mechanism. A Use-After-Free (UAF) vulnerability, where the system attempts to access memory after it has been freed, can occur during the removal of a file. A local attacker could exploit this race condition to corrupt memory, potentially leading to...

7.8 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits 0 | References 4

OSV
added 2026/04/23 12:57 p.m. | 5 views

CLSA-2026-1776949031 flatpak: Fix of CVE-2026-34079

CVE-2026-34079: restrict cached-file removal to alphanumeric targets in flatpakswitchsymlinkandremove to prevent path-traversal unlink via a sandboxed-app-controlled symlink...

8.7 CVSS | 5.8 AI score | 0.00172 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2026/04/20 8:0 p.m. | 1 views

CVE-2026-32604

Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions...

9.9 CVSS | 6 AI score | 0.00093 EPSS
Exploits 0 | References 5 | Affected Software 1

Oracle linux
added 2026/04/13 12:0 a.m. | 6 views

firefox security update

140.9.1-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 140.9.1-1 - Update to 140.9.1 ESR...

9.8 CVSS | 5.8 AI score | 0.00071 EPSS
Exploits 1

EUVD
added 2026/04/02 2:44 p.m. | 4 views

EUVD-2026-18258

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory path without any...

8.7 CVSS | 5.7 AI score | 0.0009 EPSS
Exploits 1 | References 2

SUSE CVE
added 2026/04/02 8:39 a.m. | 3 views

SUSE CVE-2026-23411

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it. AppArmor was putting the reference to iprivate data on its end after removing the original entry from the file system. However the inode can and does live beyond that...

6.4 CVSS | 5.7 AI score | 0.00008 EPSS
Exploits 0 | References 22

Positive Technologies
added 2026/04/01 12:0 a.m. | 4 views

PT-2026-29669

Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 4.1.1. Description: phpMyFAQ is susceptible to arbitrary file deletion due to missing path traversal validation and CSRF token verification in the MediaBrowserController::index method. Specifically, when the fileRemove...

8.7 CVSS | 6 AI score | 0.0009 EPSS
Exploits 1 | References 8

Oracle linux
added 2026/02/26 12:0 a.m. | 6 views

firefox security update

140.8.0-2.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 140.8.0 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 140.8.0-2 - Update to 140.8.0 ESR...

10 CVSS | 5.4 AI score | 0.00145 EPSS
Exploits 0

OpenVAS
added 2026/02/24 12:0 a.m. | 5 views

Ubuntu: Security Advisory (USN-8055-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.4 AI score
Exploits 0 | References 2

OSV
added 2026/02/23 12:50 p.m. | 1 views

USN-8055-1 evolution-data-server vulnerability

It was discovered that Evolution Data Server incorrectly handled removing local cache files. An attacker could possibly use this issue to cause Evolution Data Server to remove arbitrary files...

5.9 AI score
Exploits 0 | References 2

Ubuntu
added 2026/02/23 12:50 p.m. | 6 views

USN-8055-1: Evolution Data Server vulnerability

It was discovered that Evolution Data Server incorrectly handled removing local cache files. An attacker could possibly use this issue to cause Evolution Data Server to remove arbitrary files...

5.7 AI score
Exploits 0

Oracle linux
added 2026/02/23 12:0 a.m. | 5 views

munge security update

0.5.13-14.0.1 - Updated path for removal of unneeded init file 0.5.13-14 - Fix CVE-2026-25506 - Resolved: RHEL-148533...

7.7 CVSS | 5.4 AI score | 0.00029 EPSS
Exploits 0

Tenable Nessus
added 2026/02/23 12:0 a.m. | 5 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Evolution Data Server vulnerability (USN-8055-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8055-1 advisory. It was discovered that Evolution Data Server incorrectly handled removing local cache files. An attacker could possibly use this issue to caus...

5.8 AI score
Exploits 0 | References 2

OSV
added 2026/02/18 12:0 a.m. | 1 views

UBUNTU-CVE-2026-2604

insecure local cache file removal...

5.8 AI score
Exploits 0 | References 4

SUSE CVE
added 2026/02/07 12:23 a.m. | 2 views

SUSE CVE-2026-25161

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains a path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...

8.8 CVSS | 5.3 AI score | 0.00035 EPSS
Exploits 1 | References 3

RedhatCVE
added 2026/02/06 1:25 a.m. | 5 views

CVE-2026-25161

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains a path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...

8.8 CVSS | 5.3 AI score | 0.00035 EPSS
Exploits 1 | References 1

ATTACKERKB
added 2026/02/04 7:40 p.m. | 3 views

CVE-2026-25161

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains a path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...

8.8 CVSS | 5.4 AI score | 0.00035 EPSS
Exploits 1 | References 3 | Affected Software 1

Github Security Blog
added 2026/02/04 6:52 p.m. | 8 views

Alist vulnerable to Path Traversal in multiple file operation handlers

Summary: The application contains a Path Traversal vulnerability (CWE-22) in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal sequences into filename components, enabling unauthorised file removal, movement and copying across...

8.8 CVSS | 5.6 AI score | 0.00035 EPSS
Exploits 1 | References 6 | Affected Software 1

Snyk
added 2026/02/02 8:1 p.m. | 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the FsRemove and FsCopy functions. An attacker can access and manipulate files outside of their authorized directory by injecting traversal sequences into filename components. This allows unauthorized file remova...

8.8 CVSS | 6.4 AI score | 0.00034 EPSS
Exploits 1 | References 2

RedhatCVE
added 2026/01/09 12:15 p.m. | 4 views

CVE-2018-1000208

MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in the removal of files. This attack appears to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 139...

7.5 CVSS | 6.9 AI score | 0.00336 EPSS
Exploits 1 | References 1