Security update for csync2

This update for csync2 fixes the following issue CVE-2026-41051: uses insecure temporary directories when compiled with C99 or later bsc1262472. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively yo...

SUSE-SU-2026:2116-1 Security update for csync2

This update for csync2 fixes the following issue - CVE-2026-41051: uses insecure temporary directories when compiled with C99 or later bsc1262472...

EUVD-2026-33277

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...

MAL-2026-4547 Malicious code in cxpher-linux-arm32 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd6c14d2899b638880b25bf1c35973ed1c9cf6fcb99331447e3da7c2478124c7 The package's main is an ARM ELF binary that, when loaded, mkdtemp's a working directory under /dev/shm/.cxpher.XXXXXX or /tmp/.cxpher.XXXXXX, writes...

GHSA-F2M9-WCF4-CWWX MLFlow Creates a Temporary File With Insecure Permissions

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

MLFlow Creates a Temporary File With Insecure Permissions

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

CVE-2026-4137

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

Linux Distros Unpatched Vulnerability : CVE-2026-41051

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories. CVE-2026-41051 Note...

Path Traversal

github.com/dgraph-io/dgraph is vulnerable to Path Traversal. The vulnerability is due to improper validation of the dagRunId request field passed into filepath.Join, which allows an attacker to exploit directory traversal using values such as .. and trigger unintended deletion of system temporary...

EUVD-2026-29920

csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...

DEBIAN-CVE-2026-41051

csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...

UBUNTU-CVE-2026-41051

csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...

CVE-2026-41051

csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...

CVE-2026-41051

csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...

CVE-2026-41051 csync2 uses insecure temporary directories when compiled with C99 or later

csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...

CVE-2026-41051 csync2 uses insecure temporary directories when compiled with C99 or later

csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...

CVE-2026-41051

CVE-2026-41051 affects csync2 and is due to the use of insecure temporary directories when csync2 is compiled with C99 or later, enabling TOCTOU-style issues in temporary paths. Public records indicate the vulnerability impacts openSUSE Tumbleweed’s csync2 package in the 2.0+git.1600444747.83b364...

Linbit csync2 安全漏洞

Linbit csync2 is a cluster synchronization tool developed by the Austrian company Linbit. It is primarily used to keep files synchronized across multiple hosts within a cluster. Linbit csync2 has a security vulnerability that stems from the use of insecure temporary directories during compilation...

VMware Spring Boot 安全漏洞

VMware Spring Boot is an open-source framework developed by the American company VMware. There are security vulnerabilities in versions 4.0.0 to 4.0.5, 3.5.0 to 3.5.13, 3.4.0 to 3.4.15, 3.3.0 to 3.3.18, and 2.7.0 to 2.7.32 of VMware Spring Boot. These vulnerabilities stem from predictable tempora...

CVE-2026-28462

OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal in POST...