PT-2026-38244

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.15 Description An arbitrary file read issue exists in the QMD backend memory get function. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown paths,...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ocxl: The issue of a reference count leak for PCI devices occurred when calling getfunction0. getfunction0 calls pcigetdomainbusandslot. As commented, this function returns a PCI device with a reference count increase. Therefore,...

CVE-2026-7596 nextlevelbuilder ui-ux-pro-max-skill Slide Generator generate-slide.py data.get cross site scripting

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may ...

CVE-2026-7596

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may ...

PT-2026-36548

Name of the Vulnerable Software and Affected Versions nextlevelbuilder ui-ux-pro-max-skill versions prior to 2.5.1 Description A remote cross-site scripting issue exists in the Slide Generator component. The problem occurs within the data.get function of the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013643)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013643 advisory. In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmuxops::getfunctionname While the API contract in docs...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007493)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007493 advisory. In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmuxops::getfunctionname While the API contract in docs...

Path Traversal

PyMuPDF is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the embedded get function in main.py, allowing attackers to manipulate paths and write files outside the intended directory, leading to arbitrary file write...

SUSE CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

EUVD-2026-13117

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

PyMuPDF has a path traversal in _main_.py

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

UBUNTU-CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029 CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029 CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029

Summary: CVE-2026-3029 affects PyMuPDF 1.26.5. A path traversal in the embedded_get function (in main .py) allows arbitrary file writes. Impact: writing files to arbitrary local locations, potentially with elevated privileges. Status: document set confirms version and file, with remediation guida...

CVE-2026-3970

CVE-2026-3970 affects Tenda i3 1.0.0.6(2204). The vulnerability is in the function formwrlSSIDget of the file /goform/wifiSSIDget, where manipulation of the argument index can trigger a stack-based buffer overflow . It can be exploited remotely, and a working exploit has been published. The provi...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993310)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993310 advisory. In the Linux kernel, the following vulnerability has been resolved: ocxl: fix pci device refcount leak when calling getfunction0 getfunction0 calls...