Canonical Multipass 安全漏洞

Canonical Multipass is a virtual instance of Ubuntu developed by Canonical OpenSource. Versions of Canonical Multipass prior to 1.16.3 contained security vulnerabilities. These vulnerabilities stemmed from the validatepath function in the sshfsserver component, which had a path bypass issue. It...

CVE-2026-47274

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pamusb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM...

CVE-2026-48710 Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU vulnerability in ONNX [GHSA-q56x-g2fj-4rj6]

Summary IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU vulnerability in ONNX, due to multiple issues in the saveexternaldata method which introduce an arbitrary file read/write on any system GHSA-q56x-g2fj-4rj6. ONNX is used in our speech runtimes. This vulnerabilitiy has been...

Security Bulletin: Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack

Summary The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0. Vulnerability Details CVEID:CVE-2026-5061 DESCRIPTION:...

CVE-2026-2614 Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

EUVD-2026-29088

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

GHSA-HV9P-2PQF-R5W3 pgAdmin 4: Improper restriction of excessive authentication attempts

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

PT-2026-39630

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAX LOGIN ATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.init app and is reachable on every server, never...

PT-2026-38389

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in the host context. This occurs because...

Access Control Bypass

Overview org.springframework.security:spring-security-config is a security configuration package for Spring Framework. Affected versions of this package are vulnerable to Access Control Bypass in the XML authorization rules processing when the servlet-path attribute is used. An attacker can gain...

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-094 (ALASNITRO-ENCLAVES-2026-094)

"The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-094 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

Important: docker

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

Important: containerd

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

CVE-2026-39977

A flaw was found in flatpak-builder. A specially crafted manifest or source can bypass path restrictions by using symbolic links within the license-files field, allowing the builder to follow paths outside the intended source directory, reading arbitrary files from the host system and including...

Important: nerdctl

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2026-1572)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1572 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir o...

PT-2026-32041

Name of the Vulnerable Software and Affected Versions ClearanceKit versions prior to 5.0.4-beta-1f46165 Description ClearanceKit monitors file system access on macOS and applies access policies per process. Before version 5.0.4-beta-1f46165, the Endpoint Security event handler only verified the...

EUVD-2026-19875

Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the...

CVE-2026-3872

A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers URIs that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...