82 matches found
EUVD-2026-33598
A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. /etc/passwd or airflow.cfg) or (b) supply a task_id containing .. sequences accepted by the Task SDK's KEY_REGEX (write-path attack), and...
CLSA-2026-1778894989 subversion: Fix of CVE-2021-28544
CVE-2021-28544: fix authz copyfrom path information leak in svn log -v...
Linux Distros Unpatched Vulnerability : CVE-2026-43069
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: hci_ll: Fix firmware leak on error path. Smatch reports: drivers/bluetooth/hci_ll.c:587 download_firmware warn: 'fw' from request_firmware not released on...
Astra Linux - vulnerability in linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: cdns_i2c_master_xfer: Fix runtime PM leak on error path. The cdns_i2c_master_xfer function gets a runtime PM reference when the function is entered. This reference is released when the function is exited. There is currentl...
Astra Linux - vulnerability in firefox
Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
Astra Linux - vulnerability in firefox
When following a redirect to a publicly accessible web extension file, the URL may have been translated into the actual local path, potentially exposing sensitive information. This vulnerability affects Firefox versions earlier than 111...
CVE-2026-34515 AIOHTTP: UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about an NTLMv2 remote path. This issue has been patched in version 3.13.4...
Linux Distros Unpatched Vulnerability : CVE-2026-23087
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: xen: scsiback: Fix potential memory leak in scsiback_remove. Memory allocated for struct vscsiblkinfo in scsiback_probe is not freed in scsiback_remove leadin...
GHSA-M733-5W8F-5GGW pnpm has symlink traversal in file:/git dependencies
Summary: When pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path (e.g., /etc/passwd, ~/.ssh/id_rsa) causes pnpm to copy that file's contents...
AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability in the AVideo notify.ffmpeg.json.php endpoint. The vulnerability stems from a critical cryptographic weakness in the salt generation mechanism combined with information disclosure vulnerabilities that allow an...
CVE-2023-29538
Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
Linux Distros Unpatched Vulnerability : CVE-2023-54175
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - i2c: xiic: xiic_xfer: Fix runtime PM leak on error path. The xiic_xfer function gets a runtime PM reference when the function is entered. This reference is release...
EUVD-2023-60466
In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: xiic_xfer: Fix runtime PM leak on error path. The xiic_xfer function gets a runtime PM reference when the function is entered. This reference is released when the function is exited. There is currently one error path wher...
CVE-2023-54175
In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: xiic_xfer: Fix runtime PM leak on error path. The xiic_xfer function gets a runtime PM reference when the function is entered. This reference is released when the function is exited. There is currently one error path wher...
PT-2025-53955
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's networking subsystem related to DSA (Distributed Switch Architecture) and 802.1Q tagging. Specifically, if the dsa tag 8021q setup function fails, such ...
SUSE CVE-2023-54009
In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: cdns_i2c_master_xfer: Fix runtime PM leak on error path. The cdns_i2c_master_xfer function gets a runtime PM reference when the function is entered. This reference is released when the function is exited. There is currentl...
UBUNTU-CVE-2023-54009
In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: cdns_i2c_master_xfer: Fix runtime PM leak on error path. The cdns_i2c_master_xfer function gets a runtime PM reference when the function is entered. This reference is released when the function is exited. There is currentl...
QiHang Media Web Digital Signage security vulnerability
QiHang Media Web Digital Signage is a digital signage management software from the Chinese company QiHang. A security vulnerability exists in QiHang Media Web Digital Signage version 3.0.9, which originates from a file leak in the filename and path parameters, which may lead to information...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987634)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987634 advisory. In the Linux kernel, the following vulnerability has been resolved: media: irtoy: free before error exiting. Fix leak in error path. Tenable has extracted the precedi...
EUVD-2002-0281
Malware in sbrugna...