openSUSE 16 Security Update : docker-stable (openSUSE-SU-2026:20814-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20814-1 advisory. This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages...

SUSE-SU-2026:21851-1 Security update for docker-stable

This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages that cause files to be written outside of the BuildKit state directory bsc1260967. - CVE-2026-33748: github.com/moby/buildkit: insufficient validation of...

OPENSUSE-SU-2026:20809-1 Security update for trivy

This update for trivy fixes the following issues - CVE-2025-64702: github.com/quic-go/quic-go/http3: quic-go HTTP/3 QPACK Header Expansion DoS bsc1255366. - CVE-2025-69725: github.com/go-chi/chi/v5: incorrect input validation in the RedirectSlashes function can lead to an open redirect bsc1258513...

CVE-2026-39918

Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the string context in t...

CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011349)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011349 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in procreaddirde Pde is erased from subdir rbtree through rberase, but not set...

CVE-2026-39918

Vvveb before 1.0.8.1 contains a code injection vulnerability in the installation endpoint. The subdir POST parameter is written unsanitized into env.php without escaping or validation, allowing an attacker to break out of the string context in the define statement and achieve unauthenticated remo...

CVE-2026-39918 Vvveb < 1.0.8.1 Code Injection via Installation Endpoint

Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the string context in t...

Vvveb 安全漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.1 contained security vulnerabilities. These vulnerabilities stemmed from the subdir parameter being written to the...

PT-2026-33779

Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the string context in t...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007455)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007455 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in procreaddirde Pde is erased from subdir rbtree through rberase, but not set...

GHSA-FV83-X2XW-2J55 vulnerabilities

Vulnerabilities for packages: grafana-operator, victoriametrics-cluster, ingress-nginx-controller, oras, aws-privateca-issuer, aws-load-balancer-controller, goreleaser, aws-network-policy-agent, omnibump, envoy-ratelimit, temporal, newrelic-infra-operator, dkron, flux-image-reflector-controller,...

Linux Distros Unpatched Vulnerability : CVE-2026-33748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient...

GO-2026-4859 BuildKit Git URL subdir component can cause access to restricted files in github.com/moby/buildkit

BuildKit Git URL subdir component can cause access to restricted files in github.com/moby/buildkit...

CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

CVE-2026-33748 BuildKit Git URL subdir component can cause access to restricted files

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

CVE-2026-33748 BuildKit Git URL subdir component can cause access to restricted files

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

CVE-2026-33748

CVE-2026-33748 (BuildKit) : Prior to BuildKit 0.28.1, there was insufficient validation of Git URL fragment subdir components, which could allow access to files outside the checked-out Git repository root (limited to files on the same mounted filesystem). Red Hat advisories for OpenShift Service ...

CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

CVE-2026-33748 BuildKit Git URL subdir component can cause access to restricted files

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...