CVE-2026-45905

xfrm: fix iprtbug race in icmproutelookup reverse path...

Astra Linux - уязвимость в qtbase-opensource-src

In Qt 5.9.x through 5.15.x before 5.15.9, and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when it was not found in the PATH...

CVE-2026-43895

jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...

CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts

jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...

EUVD-2026-29173

jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...

CVE-2026-43895

jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...

PT-2026-39719

Name of the Vulnerable Software and Affected Versions jq versions 1.8.1 and earlier Description jq accepts embedded NUL bytes in import paths at the jq-language level, but subsequently resolves those paths using C string operations during module and data-file lookup. This results in a mismatch...

CVE-2026-31668

In the Linux kernel, the following vulnerability has been resolved: seg6: separate dstcache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dstcache per encap route, shared between seg6inputcore and seg6outputcore. These two paths can perform the post-encap SID lookup ...

CVE-2025-15547

By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...

EUVD-2025-208408

By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...

CVE-2025-15547

By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...

CVE-2025-15547 Jail escape by a privileged user via nullfs

By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...

CVE-2025-15547

This CVE (CVE-2025-15547) maps to FreeBSD Jail escape via nullfs. Problem: if a jail is configured with allow.mount.nullfs, a privileged user inside the jail can nullfs-mount directories, exploiting kernel path-lookup limitations to escape the jail and access the host/parent filesystem. Affects F...

FreeBSD 安全漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a security vulnerability in FreeBSD, which stems from limitations in the kernel’s path lookup logic. This vulnerability could allow privileged users in jail environments configured with the allow.mount.nullfs...

FreeBSD Security Advisory - FreeBSD-SA-26:02.jail

FreeBSD Security Advisory - By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of th...

FreeBSD -- Jail escape by a privileged user via nullfs

Problem Description: By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004447)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004447 advisory. An issue was discovered in fs/iouring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003827)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003827 advisory. An issue was discovered in fs/iouring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount...

Windows Exploitation Techniques: Winning Race Conditions with Path Lookups

Posted by James Forshaw This post was originally written in 2016 for the Project Zero blog. However, in the end it was published separately in the journal PoC||GTFOissue 13 as well as in the second volume of the printed version. In honor of our new blog we’re republishing it on this blog and...

EulerOS 2.0 SP11 : golang (EulerOS-SA-2025-2481)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.CVE-2025-4673 If...