PT-2026-45756

Name of the Vulnerable Software and Affected Versions Gleam versions 0.10.0-rc1 through 1.17.0 Description A symlink following issue in the Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers gleam files, native...

Moderate: Red Hat Security Advisory: Satellite 6.19.1 Async Update

A new release is now available for Red Hat Satellite 6.19 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

golang-github-openprinting-ipp-usb security update

An update is available for golang-github-openprinting-ipp-usb. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list HTTP reverse proxy, backed by IPP-over-USB...

RLSA-2026:19144 Important: golang-github-openprinting-ipp-usb security update

HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol. Security Fixes: crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application CVE-2026-33810...

RLSA-2026:19135 Important: opentelemetry-collector security update

Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to...

algernon 路径遍历漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.6 contained a path traversal vulnerability. This vulnerability stemmed from the uploadedFileSaveIn function in lua/upload/upload.go, which used filepath.Join to concatenate the directory provided by the...

TencentOS Server 3: grafana (TSSA-2026:0374)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0374 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

RHEL 10 : golang-github-openprinting-ipp-usb (RHSA-2026:19550)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19550 advisory. HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-U...

CVE-2026-42549

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...

CVE-2026-42549

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...

Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 golang:...

Important: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

MiracleLinux 8 : go-toolset:rhel8 (AXSA:2026-564:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-564:01 advisory. golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via...

golang security update

An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security...

PT-2026-37316

Name of the Vulnerable Software and Affected Versions ciguard versions 0.8.0 through 0.8.1 Description The discover pipeline files function in src/ciguard/discovery.py improperly handles symlinks when walking a directory tree. An attacker who can place a symlink in a directory being scanned can...

CVE-2026-34726 Copier `_subdirectory` allows template root escape via parent-directory traversal

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...

GHSA-G9C2-GF25-3X67 @tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions

Summary @tinacms/graphql uses string-based path containment checks in FilesystemBridge: - path.resolvepath.joinbaseDir, filepath - startsWithresolvedBase + path.sep That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the...

Nokia Airscale ASIKA Single RAN 路径遍历漏洞

Nokia Airscale ASIKA Single RAN is an application for end-to-end use by Nokia of Finland. A security vulnerability exists in NOKIA Airscale ASIKA Single RAN prior to version 21B. An attacker can exploit the vulnerability to access files and directories stored outside the web root folder...

SUSE CVE-2018-1000073

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...

[Full-Disclosure] R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rapid7, Inc. Security Advisory Visit http://www.rapid7.com/ to download NeXpose, the world's most advanced vulnerability scanner. Linux and Windows 2000/XP versions are available now! Rapid7 Advisory R7-0015 Multiple Vulnerabilities Apple...