5 matches found
Insufficient Session Expiration
Overview: pyload-ng is a free and open-source download manager written in pure Python. Affected versions of this package are vulnerable to Insufficient Session Expiration due to improper session management when user permissions are changed. An attacker can retain unauthorized access to resource...
SUSE CVE-2026-23893
openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...
Command Injection
Overview: webdataset provides high-performance storage and I/O for deep learning and data processing. Affected versions of this package are vulnerable to Command Injection due to the user-supplied input handle. An attacker can execute arbitrary code with elevated permissions, potentially leading to...
Improper Validation of Specified Type of Input
Overview: org.webjars.npm:validator is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the isURL function, which does not take into account : as the delimiter in browsers. An attacker can bypass...
PT-2024-21613 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue concerns the userfaultfd feature in the Linux kernel, where the src folio is changed after ensuring it's unpinned in UFFDIO_MOVE. A commit was made to fix an unexpected chang...