75 matches found
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : containerd vulnerabilities (USN-8472-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8472-1 advisory. It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibl...
USN-8472-1 containerd-app vulnerabilities
It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. CVE-2026-33814 Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly handle...
CVE-2026-29518
Rsync
CVE-2026-7875
NanoClaw version 1.2.0 and prior contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messagesout.id and...
GHSA-PG4W-G64P-QWHJ gix and gitoxide's symlinked .gitmodules are followed and parsed from outside of the repository
Summary attachments: pocs.zip When Repository::submodules loads submodule metadata, it prefers the worktree .gitmodules file if that path exists. In the current implementation, the path is read with std::fs::read, which follows symlinks. As a result, a repository can present a symlinked .gitmodul...
Linux Distros Unpatched Vulnerability : CVE-2026-6941
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured...
CVE-2026-6968 Multiple Path Traversal Variants in awslabs/tough
Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copytarget/linktarget, symlinked parent directories in savetarget, or symlinked...
CVE-2026-6941
radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a...
PT-2026-34752
radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a...
uutils coreutils 后置链接漏洞
uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. uutils coreutils has a post-installation link vulnerability. This vulnerability arises because the tail utility may disclose sensitive file contents when using the --follow=name option. Unlike GNU tail...
CVE-2026-35525 LiquidJS has a root restriction bypass for partial and layout loading through symlinked templates
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for % include %, % render %, and % layout %, LiquidJS checks whether the candidate path is inside the configured partials or layouts roots before reading it. That check is path-based, not...
CVE-2026-35525 LiquidJS has a root restriction bypass for partial and layout loading through symlinked templates
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for % include %, % render %, and % layout %, LiquidJS checks whether the candidate path is inside the configured partials or layouts roots before reading it. That check is path-based, not...
EUVD-2026-20594
LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates...
CVE-2026-32043
OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass comma...
CVE-2026-27523
OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that appear within allowed roots but resolve...
EUVD-2026-12734
OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that appear within allowed roots but resolve...
CVE-2026-27523
OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that appear within allowed roots but resolve...
CVE-2026-27523 OpenClaw < 2026.2.24 - Sandbox Bind Validation Bypass via Symlink-Parent Missing-Leaf Paths
OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that appear within allowed roots but resolve...
CVE-2026-27523
OpenClaw OpenClaw prior to version 2026.2.24 contains a sandbox bind-validation bypass vulnerability. The issue lets a bind source path that uses a symlinked parent with a non-existent leaf circumvent allowed-root and blocked-path checks, causing the path to resolve outside the sandbox and weaken...
EUVD-2010-3758
Malware in sbrugna...