
2083 matches found

Positive Technologies
added 2026/04/14 12:0 a.m. | 1 view

PT-2026-32974

Name of the Vulnerable Software and Affected Versions: free5GC versions 4.2.1 and earlier. Description: An improper path validation issue exists in the UDR service. The endpoint 'GET /nudr-dr/v2/application-data/influenceData/influenceId/subscriptionId' is designed to operate only when the influence...

CVSS 8.7 | AI score 6 | EPSS 0.00043
Exploits: 1 | References: 5
Positive Technologies
added 2026/04/14 12:0 a.m. | 1 view

PT-2026-33229

Summary: goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, which breaks the intended jail boundary and can expose or modify unrelated server files. Details: The SFTP...

CVSS 8.7 | AI score 6 | EPSS 0.00059
Exploits: 1 | References: 5
SUSE CVE
added 2026/04/13 11:26 p.m. | 2 views

SUSE CVE-2026-32146

Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confinement ...

CVSS 8.3 | AI score 5.9 | EPSS 0.00049
Exploits: 1 | References: 3
OSV
added 2026/04/13 4:52 p.m. | 5 views

CLSA-2026-1776099155 systemd: Fix of 2 CVEs

CVE-2026-29111: validate input cgroup path in GetUnitByControlGroup to prevent PID 1 assert/freeze on spurious IPC API calls - CVE-2026-4105: reject invalid class types when registering machines in systemd-machined to prevent privilege escalation...

CVSS 6.7 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/13 10:40 a.m. | 2 views

CVE-2026-32146

A flaw was found in the Gleam compiler. A malicious direct or transitive git dependency can exploit an improper path validation vulnerability in the Gleam compiler's handling of git dependencies during dependency download. This allows for arbitrary file system modification, including the deletion...

CVSS 8.6 | AI score 6 | EPSS 0.00049
Exploits: 1 | References: 8
NVD
added 2026/04/11 2:16 p.m. | 0 views

CVE-2026-32146

Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confinement ...

CVSS 8.3 | EPSS 0.00049
Exploits: 1 | References: 5
OSV
added 2026/04/11 12:59 p.m. | 1 view

EEF-CVE-2026-32146 Improper Path Validation in Git Dependency Handling Allows Arbitrary File System Modification

Summary: Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or...

CVSS 8.3 | AI score 5.9 | EPSS 0.00049
Exploits: 1 | References: 4
Veracode
added 2026/04/11 5:36 a.m. | 4 views

Directory Traversal

PraisonAI is vulnerable to Directory Traversal. The vulnerability is due to unsafe extraction of archive files without validating member paths, which allows an attacker to overwrite arbitrary files outside the intended directory...

CVSS 9.4 | AI score 5.5 | EPSS 0.00084
Exploits: 1 | References: 2 | Affected Software: 1
EUVD
added 2026/04/11 3:30 a.m. | 3 views

EUVD-2026-21653

NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVSS 7.8 | AI score 7.5 | EPSS 0.00019
Exploits: 0 | References: 2
NVD
added 2026/04/11 1:16 a.m. | 1 view

CVE-2026-5053

NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVSS 7.1 | EPSS 0.00019
Exploits: 0 | References: 1
NVD
added 2026/04/11 1:16 a.m. | 2 views

CVE-2026-5054

NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVSS 7.8 | EPSS 0.00019
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/11 12:14 a.m. | 0 views

CVE-2026-5053 NoMachine External Control of File Path Arbitrary File Deletion Vulnerability

NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVSS 7.1 | AI score 6 | EPSS 0.00019
Exploits: 0 | References: 1
EUVD
added 2026/04/11 12:14 a.m. | 1 view

EUVD-2026-21651

NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVSS 7.1 | AI score 7.3 | EPSS 0.00019
Exploits: 0 | References: 1
CVE
added 2026/04/11 12:14 a.m. | 43 views

CVE-2026-5053

CVE-2026-5053 – NoMachine: Local attacker can delete arbitrary files via improper validation of a user-supplied path in environment variables. The flaw exists in NoMachine’s file operations, allowing root-context deletions after gaining low-privilege code execution. Connected sources (e.g., ZDI-...

CVSS 7.1 | AI score 7.3 | EPSS 0.00019
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/04/11 12:14 a.m. | 25 views

CVE-2026-5053 NoMachine External Control of File Path Arbitrary File Deletion Vulnerability

NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVSS 7.1 | EPSS 0.00019
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/11 12:0 a.m. | 1 view

PT-2026-32098

Name of the Vulnerable Software and Affected Versions: Gleam versions 1.9.0-rc1 through 1.15.3 and 1.16.0-rc1. Description: An improper path validation issue exists in the Gleam compiler when handling git dependencies during the dependency download process. Dependency names from gleam.toml and...

CVSS 8.3 | AI score 6.3 | EPSS 0.00049
Exploits: 1 | References: 11
CNNVD
added 2026/04/11 12:0 a.m. | 1 view

gleam security vulnerability

Gleam is an open-source, type-safe, extensible system construction language developed by Gleam. There are security vulnerabilities in Gleam versions 1.9.0-rc1 and earlier, up to 1.16.0-rc1, due to improper path validation when handling git dependencies. These vulnerabilities could lead to arbitra...

CVSS 8.3 | AI score 5.9 | EPSS 0.00049
Exploits: 1 | References: 6
NVD
added 2026/04/10 5:17 p.m. | 1 view

CVE-2026-40157

PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmdunpack in the recipe CLI extracts .praison tar archives using raw tar.extract without validating archive member paths. A .praison bundle containing ../../ entries will write files outside the intended output directory. An attacker who...

CVSS 9.4 | EPSS 0.00084
Exploits: 1 | References: 1
CNNVD
added 2026/04/10 12:0 a.m. | 7 views

Rembg security vulnerability

Rembg is a tool developed by Daniel Gatis for deleting image backgrounds. Versions of Rembg prior to 2.0.75 contained security vulnerabilities, which were caused by insufficient validation of the HTTP server’s modelpath parameter, potentially allowing path traversal attacks...

CVSS 5.3 | AI score 5.8 | EPSS 0.00074
Exploits: 1 | References: 3
Debian CVE
added 2026/04/09 7:5 p.m. | 3 views

CVE-2026-39977

flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using g_file_resolve_relative_path and...

CVSS 7.1 | AI score 5.5 | EPSS 0.00035
Exploits: 1