PT-2026-34500
A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit thi...
PT-2026-34559
Name of the Vulnerable Software and Affected Versions: RustFS versions prior to 1.0.0-alpha.94. Description: Four notification target admin API endpoints in rustfs/src/admin/handlers/event.rs use a check permissions helper that validates authentication but fails to perform admin-action authorization...
Linux Distros Unpatched Vulnerability : CVE-2026-35355
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file installation. The implementation unlin...
Linux Distros Unpatched Vulnerability : CVE-2026-35364
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013498)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013498 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions The callback functions of...
OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames
Summary: OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path...
CVE-2026-41127 BigBlueButton's missing authorization allows viewer to inject/overwrite captions
BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization that allows viewers to inject/overwrite captions. Version 3.0.24 tightened the permissions on who is able to submit captions. No known workarounds are available...
K000160938: OpenSSH vulnerabilities CVE-2019-16905 and CVE-2020-12062
Security Advisory Description: CVE-2019-16905: OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution...
CVE-2026-40866
Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overwrite or replace or corrupt another employee’s document by changing the document ID in the upload...
EUVD-2026-23901
python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback...
GHSA-MF9W-MJ56-HR94 python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback
Summary: set_key and unset_key in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered. Details: The rewrite context manager in dotenv/main.py is used by both set_key...
CLSA-2026-1776769506 libexif: Fix of 3 CVEs
CVE-2026-32775: fix buffer overwrite via integer underflow in MakerNote entry value handling - CVE-2026-40385: fix unsigned 32-bit integer overflow in Nikon MakerNote handling - CVE-2026-40386: fix integer underflow in Fuji/Olympus MakerNote size checks...
WWBN AVideo Cross-Site Request Forgery Vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the objects/configurationUpdate.json.php file, which protected the endpoint through...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013237)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013237 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype change with mesh ID change It's currently possible to change the mes...
Debian dla-4540 : libmupdf-dev - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4540 advisory. Debian LTS Advisory DLA-4540-1 https://www.debian.org/lts/security/...
FreeBSD -- Missing large page handling in pmap_pkru_update_range()
Problem Description: In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shm_create_largepage(3) interface...
SUSE CVE-2026-5958
When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...
CVE-2026-5358
Rejected reason: REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered that no NIS+ client or server was ever released for any Linux-based OS distributions and as such this makes the API provisional and unused. Secondly it has been discovered that the NIS+ cold...
CVE-2026-35465
SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine sd-app by exploiting improper...