Security Bulletin: Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp

Summary Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...

com.datasqrl.flinkrunner:stdlib-json (>=0.9.0 <=0.10.1), com.datasqrl:sqrl-discovery (>=0.9.0 <=0.10.4) +17 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-runtime (=2.2.0)

org.apache.flink:flink-table-runtime MAVEN version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.flink:flink-table-runtime and may be impacted: - com.datasqrl.flinkrunner:stdlib-json =0.9.0, =0.9.0, =0.9.0, =0.9.0, =2.2.0-EXNESS-0.1...

org.apache.doris:flink-doris-connector-2.0 (>=26.0.0 <=26.1.1), org.apache.flink:flink-examples-table_2.12 (>=2.0.0 <=2.0.1) +6 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-runtime (>=2.0.0 <=2.0.1)

org.apache.flink:flink-table-runtime MAVEN version =2.0.0, =26.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 Source cves: CVE-2026-35194 Source advisory: SNYK:JAVA-ORGAPACHEFLINK-16799797...

kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-43503 In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy...

CVE-2026-45227

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

CVE-2026-44374

Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless o...

SUSE CVE-2026-42946

A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...

Critical: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nginx: nginx-1.30.1-1.hum1 aarch64, x8664 nginx-all-modules-1.30.1-1.hum1 noarch nginx-core-1.30.1-1.hum1 aarch64, x8664 nginx-filesystem-1.30.1-1.hum1 noarch nginx-mod-devel-1.30.1-1.hum1 aarch6...

Linux Distros Unpatched Vulnerability : CVE-2026-42946

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When...

CVE-2026-44364

MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerabili...

CVE-2026-44363

MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...

CVE-2026-44363

The CVE-2026-44363 issue affects MISP modules (misp-modules), specifically the html_to_markdown and qrcode modules. Root cause: unsafe remote resource fetching and insufficient URL validation, with qrcode also disabling TLS certificate verification. Impact: potential Server-Side Request Forgery (...

CVE-2026-44363 Unsafe remote resource fetching in expansion misp-modules

MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...

CVE-2026-44363 Unsafe remote resource fetching in expansion misp-modules

MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...

CVE-2026-44363

MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...

CVE-2026-44364 misp-modules website - Missing CSRF protection in the website home blueprint

MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerabili...

CVE-2026-44364

MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerabili...

CVE-2026-44364

The CVE affects the MISP-modules component in MISP modules’ home blueprint prior to 3.0.7, where CSRF protection was disabled, allowing an authenticated user to trigger unintended requests and potentially modify session query data. The issue was fixed by enabling CSRF protection for the affected ...