7 matches found
SUSE-SU-2026:22172-1 Security update for zypper, libzypp, libsolv
This update for zypper, libzypp, libsolv fixes the following issues: Changes in zypper: Update to 1.14.98: - Transactional systems: Delegate rw-commands to transactional-wrapper if available (jsc#PED-13680, jsc#PED-15607) On a transactional system where the root filesystem is mounted read-only, zyppe...
CVE-2026-50568
Fission (Kubernetes-native serverless framework) has a lexical path check vulnerability in SanitizeFilePath (pkg/utils/utils.go) that used strings.HasPrefix(path, safedir) instead of a directory-boundary check. This allowed a sibling directory escape (e.g., /packages-extra/evil under /packages) t...
PT-2026-49599
Impact: skillctl 0.1.0 and 0.1.1 contained four path-safety vulnerabilities that, in combination, allowed an attacker to: 1. Exfiltrate arbitrary files on the operator's machine by publishing a malicious skills library containing a symlink inside a skill folder e.g. niania →...
CLSA-2026-1778768341 python: Fix of 4 CVEs
CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.__init__ via a new _validate_host helper to prevent CRLF header injection the glibc...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal due to insufficient sanitization of directory names ending with a "." in the upload process. An attacker can write files outside the intended datastore directory by crafting directory names that end with "%2E". This ...
SafeKey: Amplifying Aha-Moment Insights for Safety Reasoning
Large Reasoning Models (LRMs) introduce a new generation paradigm of explicitly reasoning before answering, leading to remarkable improvements in complex tasks. However, they pose great safety risks against harmful queries and adversarial attacks. While recent mainstream safety efforts on LRMs,...
Path Traversal in Moby builder
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call...