PT-2026-34495
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the O_NOFOLLOW flag. An attacker with...
uutils coreutils link following vulnerability
uutils coreutils is a cross-platform core command-line toolset developed by Uutils. uutils coreutils has a link following vulnerability, which stems from a race condition. This vulnerability could allow attackers to bypass the intended references, enabling the privileged cp process to cop...
PT-2026-34316
The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login link shortcode in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the 'prefix' attribute. This makes it possible for...
PT-2026-34510
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently...
uutils coreutils link following vulnerability
uutils coreutils is a cross-platform core command-line toolset developed by Uutils. uutils coreutils has a link following vulnerability, which arises from improper handling of directories containing symbolic links during the mv command’s file system boundary movement. This vulnerability m...
PT-2026-34488
Name of the Vulnerable Software and Affected Versions: uutils coreutils (affected versions not specified). Description: A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility. This occurs when the utility creates a FIFO and subsequently performs a path-based chmod to set...
PT-2026-34508
A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference or -n flag is explicitly provided. The implementation previously only honored the "no-dereference" intent if the --force overwrite mode was also enabled. Thi...
uutils coreutils security vulnerability
uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a security vulnerability in uutils coreutils, which stems from a race condition during the chcon recursive operation between checking time and execution time. This condition may allow local...
PT-2026-34509
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms (e.g., ln SOURCE... DIRECTORY). While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...
Linux Distros Unpatched Vulnerability : CVE-2026-35356
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent...
Linux Distros Unpatched Vulnerability : CVE-2026-35359
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks...
Linux Distros Unpatched Vulnerability : CVE-2026-35372
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference or -n flag is...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013543)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013543 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link. There is a certain chance to...
CVE-2026-34292

creationtimestamp | type | source
---|---|---
2026-04-21 23:29:48+00:00 | seen | Telegram/DVTWZmGG1qCJe-0IJfQ1HXgYFTwgnUj24suPZSIXyV8Y
2026-04-22 12:50:20+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mk3jwqt6xo2w...

CVE-2026-34320

creationtimestamp | type | source
---|---|---
2026-04-21 23:29:48+00:00 | seen | Telegram/DVTWZmGG1qCJe-0IJfQ1HXgYFTwgnUj24suPZSIXyV8Y
2026-04-22 22:00:37+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mk4iopy6s62g...

CVE-2026-35231

creationtimestamp | type | source
---|---|---
2026-04-21 23:24:12+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mk24vaufko2t
2026-04-21 23:30:11+00:00 | seen | Telegram/14RDzCjaAGLQIuKBJtHoIYde60oDRnqUnuM1SZUlRS4U4fg...

CVE-2026-35230

creationtimestamp | type | source
---|---|---
2026-04-21 23:24:04+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mk24uz5hbr2s
2026-04-21 23:30:11+00:00 | seen | Telegram/14RDzCjaAGLQIuKBJtHoIYde60oDRnqUnuM1SZUlRS4U4fg
2026-04-22 12:50:28+00:00 | seen |...

CVE-2026-41126 BigBlueButton has Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL"
BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds...
CVE-2026-41055

creationtimestamp | type | source
---|---|---
2026-04-21 23:22:31+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mk24sardg72f
2026-04-22 01:18:49+00:00 | published-proof-of-concept | Telegram/AsK9uQCoE0LPzwbkNe8abRZIpzVzCCIAKmN05DDH2W6pw...

CVE-2026-6830

creationtimestamp | type | source
---|---|---
2026-04-21 22:29:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjzzsxde2n2h...