11 matches found

AstraLinux
added 2026/05/03 11:59 p.m. · 1 views

Astra Linux - vulnerability in golang-1.19, golang-1.23

If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath ("", ".", and "..") can result in the binaries listed in the PATH being unexpectedly returned...

CVSS 6.5 · AI score 6.7 · EPSS 0.00044
Exploits: 1 · References: 2
SUSE CVE
added 2026/03/26 2:43 p.m. · 1 views

SUSE CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u (--user) is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

CVSS 7.8 · AI score 5.8 · EPSS 0.00017
Exploits: 1 · References: 4
CNNVD
added 2026/03/26 12:0 a.m. · 3 views

crun security vulnerability

Crun is an OCI container runtime library developed by Containers in the C language. Versions of Crun from 1.19 to 1.26 and earlier contain security vulnerabilities. These vulnerabilities stem from errors in parsing the -u parameter of the crun exec option, which may allow processes to run with...

CVSS 7.8 · AI score 5.8 · EPSS 0.00017
Exploits: 1 · References: 3
ATTACKERKB
added 2026/03/25 11:57 p.m. · 3 views

CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u (--user) is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

AI score 5.8 · EPSS 0.00017
Exploits: 1 · References: 4 · Affected Software: 1
EUVD
added 2026/03/25 11:57 p.m. · 1 views

EUVD-2026-16026

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u (--user) is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

AI score 5.8 · EPSS 0.00017
Exploits: 1 · References: 3
EUVD
added 2026/01/12 9:52 p.m. · 2 views

EUVD-2026-1998

WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass vulnerability in multiple controllers that allows authenticated users to upload arbitrary files, including PHP scripts, leading to Remote...

CVSS 5.4 · AI score 7.2 · EPSS 0.00059
Exploits: 0 · References: 2
vulnersOsv
added 2025/09/03 5:42 p.m. · 2 views

agentengine (>=0.1.5 <=0.1.8), deepmost (=0.5.2) +11 more potentially affected by CVE-2025-9959 via smolagents (>=1.12.0 <=1.19.0)

smolagents PYPI version =1.12.0, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.1.0, =0.16.0, =0.0.1.dev0, =0.0.1, =0.3.0, =0.3.7 Source cves: CVE-2025-9959 Source advisory: SNYK:PYTHON-SMOLAGENTS-12549208...

CVSS 7.6 · AI score 6.5 · EPSS 0.00084
Exploits: 0
OSV
added 2025/08/19 12:15 p.m. · 4 views

CVE-2025-9136

A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/filestream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgrading to version 1.21.0 mitigates this issue. It...

CVSS 7.8 · AI score 6.9 · EPSS 0.00031
Exploits: 0 · References: 7
Positive Technologies
added 2025/01/01 12:0 a.m. · 1 views

PT-2025-42738

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.24.9-alt1 OpenTofu versions =2.10.0 Description: The issue is a memory exhaustion flaw in the encoding/asn1 package of the Go programming language. The code pre-allocates memory based on fields within a DER structure befo...

CVSS 10 · AI score 7.3 · EPSS 0.00073
Exploits: 5 · References: 136
Positive Technologies
added 2025/01/01 12:0 a.m. · 1 views

PT-2025-42739

Name of the Vulnerable Software and Affected Versions: golang versions 1.15 and 1.19 Description: A flaw exists in the cookie parsing functionality of the net/http package. An absence of limits during cookie parsing can lead to excessive memory consumption, potentially resulting in memory exhaustio...

CVSS 10 · AI score 6.7 · EPSS 0.00073
Exploits: 5 · References: 112
Positive Technologies
added 2023/05/30 12:0 a.m. · 2 views

PT-2023-24241 · Mojang · Minecraft

Name of the Vulnerable Software and Affected Versions: Minecraft versions 1.19 through 1.20 pre-releases before 7 Java Description: The issue allows for arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink. Recommendations: For Minecraft versions...

CVSS 8.8 · AI score 7.3 · EPSS 0.00915
Exploits: 0 · References: 7