24 matches found

CVE
added 2026/06/18 1:51 p.m., 16 views

CVE-2026-12539

Docker Sandboxes (sbx) ICMP egress restriction can be bypassed after daemon restart. The issue arises because the authorizer is applied only at network creation and is not re-applied to networks rebuilt from disk on restart, allowing a restart-surviving sandbox to forward ICMP to arbitrary hosts....

5.7 CVSS, 5.5 AI score, 0.00097 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/06/15 12:0 a.m., 8 views

PT-2026-49593

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions prior to 3.14.1. Description: Host-only cookies saved using the CookieJar.save function and subsequently restored via the CookieJar.load function lose their host-only status. This can result in cookies loaded from disk being sen...

5.3 CVSS, 5.8 AI score, 0.00263 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2026/05/08 12:0 a.m., 6 views

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-016777)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016777 advisory. In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk. syzbot is reporting that S_IFMT bits of...

5.8 AI score, 0.00173 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2026/04/17 12:0 a.m., 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007557)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007557 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: Verify inode mode when loading from disk. The inode mode loaded from corrupted disk can be...

5.6 AI score, 0.00165 EPSS
Exploits: 0, References: 4
Fedora
added 2026/04/13 9:7 p.m., 8 views

[SECURITY] Fedora 44 Update: shotwell-33~alpha-9.fc44

Shotwell is an easy-to-use, fast photo organizer designed for the GNOME desktop. It allows you to import photos from your camera or disk, organize them by date and subject matter, even ratings. It also offers basic photo editing, like crop, red-eye correction, color adjustments, and straighten...

9.8 CVSS, 5.8 AI score, 0.00735 EPSS
Exploits: 3
Github Security Blog
added 2026/02/25 9:54 p.m., 9 views

n8n has Arbitrary Command Execution via File Write and Git Operations

Impact: An authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration files and then triggering a git operation, the attacker could execute arbitrary she...

9 CVSS, 6.4 AI score, 0.00718 EPSS
Exploits: 0, References: 7, Affected Software: 1
Microsoft CVE
added 2026/01/15 9:1 a.m., 4 views

hfsplus: Verify inode mode when loading from disk

...

5.5 CVSS, 5.4 AI score, 0.00173 EPSS
Exploits: 0
SUSE CVE
added 2026/01/14 12:26 a.m., 4 views

SUSE CVE-2025-68767

In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk. syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to [1], the permissions...

5.5 CVSS, 6.5 AI score, 0.00173 EPSS
Exploits: 0, References: 4
Debian CVE
added 2026/01/13 3:28 p.m., 4 views

CVE-2025-68767

In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk. syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to [1], the permissions...

5.1 AI score, 0.00173 EPSS
Exploits: 0
Cvelist
added 2026/01/13 3:28 p.m., 19 views

CVE-2025-68767 hfsplus: Verify inode mode when loading from disk

In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk. syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to [1], the permissions...

0.00173 EPSS
Exploits: 0, References: 7
Snyk
added 2026/01/12 11:55 p.m., 5 views

Deserialization of Untrusted Data

Overview: llama-index is an interface between LLMs and your data. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the load_from_disk function. An attacker can execute arbitrary code by supplying a crafted multi_embed_store.pkl file in a user-controlled director...

8.4 CVSS, 7.7 AI score, 0.00289 EPSS
Exploits: 1, References: 2
Cvelist
added 2026/01/12 11:4 p.m., 19 views

CVE-2024-14021 LlamaIndex <= 0.11.6 BGEM3Index Unsafe Deserialization

LlamaIndex run-llama/llamaindex versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_from_disk in llamaindex/indices/managed/bgem3/base.py. The function uses pickle.load to deserialize multi_embed_store.pkl from a user-supplied persist_dir without...

8.4 CVSS, 0.00289 EPSS
Exploits: 1, References: 4
CVE
added 2026/01/12 11:4 p.m., 15 views

CVE-2024-14021

Summary: CVE-2024-14021 affects LlamaIndex up to 0.11.6, where BGEM3Index.load_from_disk() deserializes multi_embed_store.pkl from a user-supplied persist_dir using pickle.load() without validation, enabling arbitrary code execution when the index is loaded from disk. This is reported across mult...

8.4 CVSS, 7.4 AI score, 0.00289 EPSS
Exploits: 1, References: 4, Affected Software: 1
EUVD
added 2025/12/16 3:30 p.m., 3 views

EUVD-2025-203645

In the Linux kernel, the following vulnerability has been resolved: erofs: avoid infinite loops due to corrupted subpage compact indexes Robert reported an infinite loop observed by two crafted images. The root cause is that clusterofs can be larger than lclustersize for !NONHEAD lclusters in...

6 AI score, 0.00169 EPSS
Exploits: 0, References: 3
CVE
added 2025/12/16 2:47 p.m., 17 views

CVE-2025-68266

The CVE-2025-68266 entry concerns Linux kernel BFS filesystem handling when loading file types from disk. The root cause is that S_IFMT bits of inode->i_mode can become bogus if the 32-bit mode or attributes fields loaded from disk are corrupted. The Linux kernel documentation indicates BFS us...

6.2 AI score, 0.00161 EPSS
Exploits: 0, References: 7
Cvelist
added 2025/12/16 2:47 p.m., 25 views

CVE-2025-68266 bfs: Reconstruct file type when loading from disk

In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstruct file type when loading from disk. syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 32bits "mode" field loaded from disk are corrupted or when the 32bits "attributes"...

0.00161 EPSS
Exploits: 0, References: 7
CNNVD
added 2025/12/16 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from bfs not properly rebuilding file types when loading from disk...

6.2 AI score, 0.00161 EPSS
Exploits: 0, References: 3
Microsoft CVE
added 2025/12/09 1:2 a.m., 3 views

jfs: Verify inode mode when loading from disk

...

7 AI score, 0.00165 EPSS
Exploits: 0
CVE
added 2025/12/08 12:46 a.m., 383 views

CVE-2025-40312

Technical details about CVE-2025-40312 are not provided in the connected documents. The advisories reference numerous CVEs but do not include specifics for this CVE. Monitor vendor advisories for fixes and impacted products.

6.2 AI score, 0.00165 EPSS
Exploits: 0, References: 8
CNNVD
added 2025/12/08 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unverified inode pattern loaded from disk, which could lead to data corruption...

6.1 AI score, 0.00165 EPSS
Exploits: 0, References: 10