PT-2026-38244

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.15 Description An arbitrary file read issue exists in the QMD backend memory get function. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown paths,...

Astra Linux - уязвимость в linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ocxl: fix pci device refcount leak when calling getfunction0 getfunction0 calls pcigetdomainbusandslot, as comment says, it returns a pci device with refcount increment, so after using it, pcidevput needs be called. Get the devic...

CVE-2026-7596

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may ...

CVE-2026-7596 nextlevelbuilder ui-ux-pro-max-skill Slide Generator generate-slide.py data.get cross site scripting

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may ...

PT-2026-36548

Name of the Vulnerable Software and Affected Versions nextlevelbuilder ui-ux-pro-max-skill versions prior to 2.5.1 Description A remote cross-site scripting issue exists in the Slide Generator component. The problem occurs within the data.get function of the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013643)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013643 advisory. In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmuxops::getfunctionname While the API contract in docs...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007493)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007493 advisory. In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmuxops::getfunctionname While the API contract in docs...

Path Traversal

PyMuPDF is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the embedded get function in main.py, allowing attackers to manipulate paths and write files outside the intended directory, leading to arbitrary file write...

SUSE CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

EUVD-2026-13117

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

PyMuPDF has a path traversal in _main_.py

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

UBUNTU-CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029

PyMuPDF (Python wrapper for MuPDF) has a path traversal / arbitrary file write vulnerability in version 1.26.5. The flaw resides in embedded_get, which uses untrusted embedded file metadata as the output path. If args.output is not provided, the function may write to arbitrary local paths, potent...

CVE-2026-3029 CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029 CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3970

CVE-2026-3970 affects Tenda i3 1.0.0.6(2204). The vulnerability is in the function formwrlSSIDget of the file /goform/wifiSSIDget, where manipulation of the argument index can trigger a stack-based buffer overflow . It can be exploited remotely, and a working exploit has been published. The provi...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993310)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993310 advisory. In the Linux kernel, the following vulnerability has been resolved: ocxl: fix pci device refcount leak when calling getfunction0 getfunction0 calls...