2096 matches found
UBUNTU-CVE-2026-24137
sigstore framework is a common Go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...
CVE-2026-20613
The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...
Exploit for CVE-2026-22444
CVE-2026-22444 Apache Solr UNC Path Validation Vulnerability...
CVE-2026-24047 @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...
SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality
Summary: The SiYuan Note application v3.5.3 contains a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper path validation. Details: The...
EUVD-2026-3291
SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality...
Backstage security vulnerabilities
Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Backstage has a security vulnerability that stems from the resolveSafeChildPath utility function not properly verifying symbolic link chains and floating symbolic links,...
CVE-2026-23851
SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper pat...
MiracleLinux 9 : java-1.8.0-openjdk-1.8.0.392.b08-3.el9.ML.1 (AXSA:2023-6541:22)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6541:22 advisory. OpenJDK: segmentation fault in ciMethodBlocks CVE-2022-40433 OpenJDK: IOR deserialization issue in CORBA 8303384 CVE-2023-22067 OpenJDK: certificate...
MiracleLinux 7 : java-11-openjdk-11.0.21.0.9-1.el7 (AXSA:2023-6509:20)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6509:20 advisory. OpenJDK: certificate path validation issue during client authentication 8309966 CVE-2023-22081 Tenable has extracted the preceding description block directly...
MiracleLinux 9 : java-21-openjdk-21.0.1.0.12-2.el9.ML.1 (AXSA:2023-7024:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7024:01 advisory. OpenJDK: memory corruption issue on x86_64 with AVX-512 8317121 CVE-2023-22025 OpenJDK: certificate path validation issue during client authenticatio...
MiracleLinux 8 : java-17-openjdk-17.0.9.0.9-2.el8 (AXSA:2023-6546:18)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6546:18 advisory. OpenJDK: memory corruption issue on x86_64 with AVX-512 8317121 CVE-2023-22025 OpenJDK: certificate path validation issue during client authenticatio...
MiracleLinux 8 : java-11-openjdk-11.0.21.0.9-2.el8 (AXSA:2023-6545:24)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6545:24 advisory. OpenJDK: certificate path validation issue during client authentication 8309966 CVE-2023-22081 Tenable has extracted the preceding description block directly...
CVE-2026-23851 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality
SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper pat...
PT-2026-3497
Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.5.4. Description: SiYuan is a personal knowledge management system with a logic issue in the /api/file/globalCopyFiles API endpoint. The issue allows authenticated users to copy files from any location on the server’s...
mariadb-devel:10.3 security update
An update is available for asio, galera, Judy, module.asio, mariadb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. MariaDB is a multi-user, multi-threaded SQL...
RockyLinux 8 : mariadb-devel:10.3 (RLSA-2026:0698)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:0698 advisory. mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation CVE-2025-13699 Tenable has extracted the preceding...