
32 matches found

Positive Technologies
added 2026/05/28 12:0 a.m. | 9 views

PT-2026-44376

An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component sshfs_server, which executes with root privileges on the host, contains a path containment bypass vulnerability within its validate_path function in src/sshfs_mount/sftp_server.cpp. The...

CVSS 8.4 | AI score 6 | EPSS 0.00024
Exploits: 1 | References: 2
SUSE CVE
added 2026/05/12 3:31 a.m. | 4 views

SUSE CVE-2026-43299

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure() [BUG] There is a bug report that when btrfs hits ENOSPC error in a critical path, btrfs flips RO (this part is expected, although the ENOSPC bug still needs to be...

AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 3
CVE
added 2026/05/08 2:21 p.m. | 6 views

CVE-2026-43359

The CVE-2026-43359 detail points to a Linux kernel Btrfs issue: when calling the set received ioctl, repeated use of the same received UUID on multiple subvolumes could overflow metadata and abort the transaction, forcing the filesystem into read-only mode. The root cause is an item overflow duri...

CVSS 5.5 | AI score 5.9 | EPSS 0.00013
Exploits: 0 | References: 6 | Affected Software: 1
CNNVD
added 2026/05/08 12:0 a.m. | 3 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a project overflow during snapshot subvolume reception, causing transaction suspension and...

CVSS 5.5 | AI score 5.9 | EPSS 0.00013
Exploits: 0 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 9 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: gfs2: Fixed a memory corruption issue in gfs2_qd_dealloc. In gfs2_put_super, regardless of whether it is withdrawn or not, the quota should be cleaned up by gfs2_quota_cleanup. Otherwise, the struct gfs2_sbd will be freed before...

CVSS 7.8 | AI score 6.6 | EPSS 0.0002
Exploits: 0 | References: 2
Tenable Nessus
added 2026/04/09 12:0 a.m. | 1 views

RockyLinux 9 : nodejs:24 (RLSA-2026:7350)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7350 advisory. nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547...

CVSS 9.8 | AI score 6.7 | EPSS 0.00175
Exploits: 1 | References: 37
CNNVD
added 2026/02/18 12:0 a.m. | 3 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to reject new transactions when the file system is in a read-only state, potentially...

CVSS 5.5 | AI score 6 | EPSS 0.00017
Exploits: 0 | References: 3
NVD
added 2026/01/29 8:16 p.m. | 3 views

CVE-2026-24687

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the system's filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

CVSS 6.5 | EPSS 0.00025
Exploits: 0 | References: 1
Redos
added 2026/01/26 12:0 a.m. | 3 views

ROS-20260126-73-0055

A vulnerability in the fs/read_write.c component of the Linux operating system kernel is related to information disclosure. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 7.2 | EPSS 0.0007
Exploits: 0
Vulnrichment
added 2025/12/09 8:13 a.m. | 3 views

CVE-2025-41696 Hardcoded User Password

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device...

CVSS 4.6 | AI score 6.5 | EPSS 0.00021
Exploits: 0 | References: 1
CNNVD
added 2025/12/09 12:0 a.m. | 2 views

Phoenix Contact FL SWITCH trust management issue vulnerability

The PHOENIX CONTACT FL SWITCH is an industrial grade Ethernet switch from PHOENIX CONTACT, Germany. A trust management issue vulnerability exists in Phoenix Contact FL SWITCH versions prior to 3.50, which stems from undocumented UART ports and hardcoded credentials that could result in a partial...

CVSS 4.6 | AI score 8.7 | EPSS 0.00021
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-14121

Malware in sbrugna...

CVSS 6.5 | AI score 7.9 | EPSS 0.00544
Exploits: 0 | References: 14
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-54875

Malicious code in bioql PyPI...

CVSS 4.4 | AI score 6.6 | EPSS 0.00042
Exploits: 0 | References: 1
NVD
added 2025/08/06 9:15 p.m. | 3 views

CVE-2025-51057

A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile' function call in '/apivedo/video/preview'...

CVSS 6.5 | EPSS 0.00233
Exploits: 2 | References: 2
Vulnrichment
added 2024/11/08 5:43 a.m. | 2 views

CVE-2024-50191 ext4: don't set SB_RDONLY after filesystem errors

In the Linux kernel, the following vulnerability has been resolved: ext4: don't set SB_RDONLY after filesystem errors When the filesystem is mounted with errors=remount-ro, we were setting SB_RDONLY flag to stop all filesystem modifications. We knew this misses proper locking (sb->s_umount) and does no...

AI score 7.6 | EPSS 0.00032
Exploits: 0 | References: 3
OSV
added 2024/11/05 6:15 p.m. | 0 views

AZL-52492 CVE-2024-50116 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of buffer delay flag Syzbot reported that after nilfs2 reads a corrupted file system image and degrades to read-only, the BUG_ON check for the buffer delay flag in submit_bh_wbc() may fai...

CVSS 5.5 | AI score 6.5 | EPSS 0.00014
Exploits: 0 | References: 1
Debian CVE
added 2024/07/24 5:47 p.m. | 1 views

CVE-2024-41672

DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using sniff_csv, even with enable_external_access=false. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other...

CVSS 7.5 | AI score 5.6 | EPSS 0.00466
Exploits: 1
OSV
added 2024/07/10 2:15 a.m. | 1 views

DEBIAN-CVE-2024-22018

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...

CVSS 2.9 | AI score 6.1 | EPSS 0.00212
Exploits: 0 | References: 1
OSV
added 2024/05/21 4:15 p.m. | 3 views

DEBIAN-CVE-2023-52760

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in gfs2_qd_dealloc In gfs2_put_super, whether withdrawn or not, the quota should be cleaned up by gfs2_quota_cleanup. Otherwise, struct gfs2_sbd will be freed before gfs2_qd_dealloc (rcu callback) has run for a...

CVSS 7.8 | AI score 6.1 | EPSS 0.0002
Exploits: 0 | References: 1
RedHat Linux
added 2024/04/08 8:54 a.m. | 1 views

nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write

A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/...

CVSS 6.5 | AI score 7.2 | EPSS 0.01439
Exploits: 0 | References: 4