CVE-2026-31668

The CVE-2026-31668 issue affects the Linux kernel’s seg6 lwtunnel, where a single dst_cache was shared between input and output paths. This allowed the post-encap SID lookup to be performed in different routing contexts, with the second path potentially reusing the first path’s cached data and by...

PT-2026-35020

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the seg6 lwtunnel, a single dst cache per encap route is shared between the seg6 input core and seg6 output core functions. Because these two paths can perform post-encap SID lookups ...

CVE-2025-55130

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

CVE-2025-55130

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

PT-2024-23724 · Beescms · Beescms

Name of the Vulnerable Software and Affected Versions: beescms version 4.0 Description: The issue allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin template.php. This is an arbitrary file write vulnerability...