RLSA-2026:18722 Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: Podman kube play command may overwrite host files CVE-2025-9566 For more details...

RHEL 10 : podman (RHSA-2026:18289)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18289 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

RHEL 9 : podman (RHSA-2026:18722)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18722 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

EUVD-2026-25620

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary host files when Java injection is enabled and OBI is...

Text Generation Web UI 路径遍历漏洞

Text Generation Web UI is a local AI UI interface developed by oobabooga’s individual developer. Versions of Text Generation Web UI prior to 4.1.1 contained a path traversal vulnerability. This vulnerability stems from allowing extended settings to be saved in the py format, which can overwrite...

CVE-2026-30292

An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

EUVD-2026-4656

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...

SUSE-SU-2026:20103-1 Security update for podman

This update for podman fixes the following issues: - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1252376. - CVE-2025-9566: kube play command may overwrite host files bsc1249154...

OESA-2026-1093 tar security update

GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.35...

MiracleLinux 9 : podman-5.6.0-6.el9_7 (AXSA:2025-11464:11)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11464:11 advisory. database/sql: Postgres Scan Race Condition CVE-2025-47907 podman: Podman kube play command may overwrite host files CVE-2025-9566 Tenable has...

CVE-2025-62725

Docker Compose is vulnerable to a path traversal flaw in how it handles OCI artifact layer annotations. When processing remote OCI compose artifacts, Compose trusts attacker-controlled annotation fields such as com.docker.compose.extends and com.docker.compose.envfile. This allows a crafted...

SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2025:3782-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3782-1 advisory. - CVE-2025-9566: fixed a case when kube play command could overwrite host files bsc1249154. Tenable has extracted the precedin...

CVE-2025-42937 Directory Traversal vulnerability in SAP Print Service

SAP Print Service SAPSprint performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and availability of the application...

Security update for podman

This update for podman fixes the following issues: CVE-2025-9566: fixed an issue where kube play command could cause host files to get overwritten bsc1249154 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

EUVD-2007-0648

Malware in sbrugna...

EUVD-2005-2102

Malware in sbrugna...

EUVD-2025-27191

Malicious code in bioql PyPI...

EUVD-2025-21553

Malicious code in bioql PyPI...

podman: Podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

Important: Red Hat Security Advisory: container-tools:rhel8 security update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common...