56 matches found

CVE
added 2026/05/20 6:5 p.m. | 6 views

CVE-2026-9129

The CVE-2026-9129 entry concerns Altium Enterprise Server Viewer StorageController. On on‑prem deployments using local filesystem storage, an authenticated user can supply a URL-encoded absolute path in a Viewer storage API request, causing the storage root to be discarded and enabling arbitrary ...

CVSS 9.4 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 1
EUVD
added 2026/05/20 6:5 p.m. | 7 views

EUVD-2026-31148

A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path such as an encode...

CVSS 9.4 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 1
AstraLinux
added 2026/05/20 5:53 a.m. | 8 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Avoid sg device teardown race The function sgremovesfpusercontext must not use sgdeviceDestroy after calling scsidevicePut. sgdeviceDestroy accesses the parent scsidevice request queue, which will already be set to NULL...

CVSS 4.7 | AI score 6.2 | EPSS 0.00018
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/20 12:0 a.m. | 7 views

PT-2026-42246

A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path such as an encode...

CVSS 9.4 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 2
UbuntuCve
added 2026/05/08 3:16 p.m. | 3 views

CVE-2026-43413

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Fix NULL pointer exception during userscan userscan invokes updated sasuserscan for channel 0, and if successful, iteratively scans remaining channels 1 to shost-maxchannel via scsiscanhostselected in commit...

CVSS 5.5 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 7
Cvelist
added 2026/05/06 11:28 a.m. | 25 views

CVE-2026-43275 scsi: ufs: core: Flush exception handling work when RPM level is zero

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFSPMLVL0. When the RPM...

EPSS 0.00012
Exploits: 0 | References: 7
AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in qemu

A heap-based buffer overflow was discovered in QEMU version 5.0.0 in the SDHCI device emulation support. This vulnerability could occur during a multi-block SDMA transfer using the sdhcisdmatransfermultiBlocks routine in the hw/sd/sdhci.c file. A malicious user or process could exploit this flaw ...

CVSS 6.3 | AI score 7.4 | EPSS 0.00163
Exploits: 0 | References: 2
CVE
added 2026/03/25 10:27 a.m. | 12 views

CVE-2026-23360

CVE-2026-23360 relates to the Linux kernel nvme subsystem where, during a controller reset, nvme_alloc_admin_tag_set() could leave a previous admin queue alive, risking an orphaned queue. The issue is fixed by releasing the old queue before allocating a new one, mitigating the leak. Multiple conn...

CVSS 5.5 | AI score 5.6 | EPSS 0.00018
Exploits: 0 | References: 7 | Affected Software: 1
Tenable Nessus
added 2026/01/14 12:0 a.m. | 1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001127)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001127 advisory. The Serial Attached SCSI SAS implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of servic...

CVSS 5.5 | AI score 6.2 | EPSS 0.00086
Exploits: 0 | References: 11
SUSE CVE
added 2025/12/25 12:23 a.m. | 2 views

SUSE CVE-2025-68745

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Clear cmds after chip reset Commit aefed3e5548f "scsi: qla2xxx: target: Fix offline port handling and host reset handling" caused two problems: 1. Commands sent to FW, after chip reset got stuck and never freed as ...

CVSS 4.7 | AI score 6.5 | EPSS 0.00026
Exploits: 0 | References: 7
OSV
added 2025/10/18 8:15 a.m. | 0 views

UBUNTU-CVE-2025-40001

In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvsworkqueue During the detaching of Marvell's SAS/SATA controller, the original code calls canceldelayedwork in mvsfree to cancel the delayed work item mwq-workq. However, if mwq-workq is...

AI score 5.7 | EPSS 0.00083
Exploits: 0 | References: 38
Tenable Nessus
added 2025/10/08 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2023-53603

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: qla2xxx: Avoid fcport pointer dereference Klocwork reported warning of NULL pointer may be dereferenced. The routine exits when sactl is NULL and fcport i...

CVSS 5.5 | AI score 6.1 | EPSS 0.00017
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-4935

Malware in sbrugna...

CVSS 1.9 | AI score 6.4 | EPSS 0.00061
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-26659

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.7 | EPSS 0.00057
Exploits: 0 | References: 4
OSV
added 2025/09/12 5:29 p.m. | 3 views

CLSA-2025-1757698145 kernel: Fix of 42 CVEs

x86/kvm: Disable kvmclock on all CPUs on shutdown CVE-2021-47110 - posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel CVE-2025-38352 - cifs: fix double free race when mount fails in cifsgetroot CVE-2022-48919 - aio: mark AIO pseudo-fs noexec CVE-2016-10044 - cifs:...

CVSS 7.8 | AI score 7 | EPSS 0.00135
Exploits: 8 | References: 1
NVD
added 2025/09/04 10:42 a.m. | 4 views

CVE-2025-9937

A security flaw has been discovered in elunez eladmin 1.1. Impacted is the function deleteFile of the component LocalStorageController. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be exploited...

CVSS 5.5 | EPSS 0.00057
Exploits: 0 | References: 4
Microsoft CVE
added 2025/09/04 3:54 a.m. | 2 views

scsi: hisi_sas: Create all dump files during debugfs initialization

...

CVSS 5.5 | AI score 7 | EPSS 0.00015
Exploits: 0
CVE
added 2025/09/03 11:32 p.m. | 8 views

CVE-2025-9937

A vulnerability CVE-2025-9937 affects elunez eladmin 1.1, specifically the deleteFile function in the LocalStorageController. The flaw enables improper authorization and is remotely exploitable; the exploit has been publicly released. Public sources in the connected documents indicate that, as of...

CVSS 5.5 | AI score 5.3 | EPSS 0.00057
Exploits: 0 | References: 4
Cvelist
added 2025/09/03 11:32 p.m. | 7 views

CVE-2025-9937 elunez eladmin LocalStorageController deleteFile improper authorization

A security flaw has been discovered in elunez eladmin 1.1. Impacted is the function deleteFile of the component LocalStorageController. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be exploited...

CVSS 5.5 | EPSS 0.00057
Exploits: 0 | References: 4
OSV
added 2025/08/14 4:15 p.m. | 1 views

CVE-2025-8965

A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java of the component Endpoint. The manipulation of the argument File leads to...

CVSS 8.8 | AI score 7
Exploits: 0 | References: 5