flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. A malicious application could exploit this by using specially crafted symlinks within the sandbox-expose options of the Flatpak portal. This allows the application to access arbitrary host files and potentiall...

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. A malicious application could exploit this by using specially crafted symlinks within the sandbox-expose options of the Flatpak portal. This allows the application to access arbitrary host files and potentiall...

CVE-2026-41235

CVE-2026-41235 affects Froxlor 2.3.6 where system.available_shells is used to present allowed shells but not enforced by server-side Ftps::add/ Ftps::update. An authenticated customer with shell delegation can submit an arbitrary shell (e.g., /bin/bash); with nssextrausers integration this shell ...

kernel: Bluetooth: hci_sync: Fix UAF in le_read_features_complete

A flaw was found in the Bluetooth Host Controller Interface HCI synchronization module hcisync of the Linux kernel. A use-after-free UAF vulnerability exists in the lereadfeaturescomplete function, where a freed hciconn object is accessed. This can allow an attacker to cause a system crash, leadi...

CVE-2019-25736

LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a specially formatted input file with shellcode and overwrite the return address to execute calc.ex...

CVE-2019-25736 LabF nfsAxe 3.7 Ping Client Buffer Overflow

LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a specially formatted input file with shellcode and overwrite the return address to execute calc.ex...

CVE-2019-25736

LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a specially formatted input file with shellcode and overwrite the return address to execute calc.ex...

CVE-2019-25736

LabF nfsAxe 3.7 Ping Client is affected by a buffer overflow in the Host IP field that enables local code execution via a crafted input file containing shellcode and a overwritten return address, potentially running commands such as calc.exe. The CVSS metrics reported a high-severity, local-explo...

CVE-2019-25736 LabF nfsAxe 3.7 Ping Client Buffer Overflow

LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a specially formatted input file with shellcode and overwrite the return address to execute calc.ex...

Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

Summary In affected versions, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header could make request.url.path differ from the pa...

EUVD-2026-32016

Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks...

GHSA-86QP-5C8J-P5MR Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

Summary In affected versions, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header could make request.url.path differ from the pa...

PYSEC-0000-CVE-2026-10803

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

RLSA-2026:21757 Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...

flatpak security update

An update is available for flatpak. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Flatpak is a system for building, distributing, and running sandboxed deskto...

CVE-2026-10803 MLflow Dataset Digest Computation digest_utils.py mlflow.data.digest_utils weak hash

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

MAL-2026-5183 Malicious code in hpe-glcp-automation-lib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 53256c57763ad4be286cf74bf0162b67413edc085338e3778ac9bc2afa1b4b93 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...