9 matches found
CVE-2026-5958
A Time-of-Check Time-of-Use (TOCTOU) race condition was found in GNU sed. When the -i (in-place) and --follow-symlinks options are used together, sed resolves the symlink but reopens the path for writing. An attacker with write access to the directory containing the symlink can swap it between the...
CVE-2026-5958 Race Condition in GNU Sed
When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file performs two separate, non-atomic filesystem operations on the same path: 1. resolves the symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988793)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988793 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: core: fix transmit-buffer reset and memleak. Commit 761ed4a94582 tty: serial_core: convert...
EUVD-2025-18433
Malicious code in bioql PyPI...
Server Side Request Forgery (SSRF)
@opennextjs/cloudflare is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to an unimplemented feature in the Cloudflare adapter for Open Next, which allows unauthenticated users to proxy arbitrary remote content via the /_next/image endpoint...
CVE-2025-6087
A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /_next/image endpoint...
CVE-2025-6087
A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /_next/image endpoint...
CVE-2025-6087
A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /_next/image endpoint...
CVE-2025-6087 SSRF vulnerability in opennextjs-cloudflare via /_next/image endpoint
A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /_next/image endpoint...