Linux Distros Unpatched Vulnerability : CVE-2026-31702

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix use-after-free of sbi in f2fscompresswriteendio In f2fscompresswriteendio, decpagecountsbi, type can bring the F2FSWBCPDATA counter to zero, unblockin...

GHSA-XP9F-PVVC-57P4 CI4MS Backup::restore is vulnerable to Zip Slip leading to RCE

Summary ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the backup create permission to write files to arbitrary filesystem locations Zip Slip and achieve remote code execution by dropping a PHP file under the...

CVE-2026-39377 nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The...

Hono missing validation of cookie name on write path in setCookie()

Summary Cookie names are not validated on the write path when using setCookie, serialize, or serializeSigned to generate Set-Cookie headers. While certain cookie attributes such as domain and path are validated, the cookie name itself may contain invalid characters. This results in inconsistent...

GHSA-26PP-8WGV-HJVM Hono missing validation of cookie name on write path in setCookie()

Summary Cookie names are not validated on the write path when using setCookie, serialize, or serializeSigned to generate Set-Cookie headers. While certain cookie attributes such as domain and path are validated, the cookie name itself may contain invalid characters. This results in inconsistent...

CVE-2026-23437 net: shaper: protect late read accesses to the hierarchy

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect late read accesses to the hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

SAMSUNG多款产品 安全漏洞

SAMSUNG Mobile Processor and SAMSUNG Wearable Processor are both products of South Korean company Samsung. The SAMSUNG Mobile Processor is a series of mobile processors. The SAMSUNG Wearable Processor is a series of wearable processors. Several SAMSUNG products have security vulnerabilities. Thes...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005107)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005107 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to insufficient transaction credits The code in ocfs2dioendiowrite...

Linux Distros Unpatched Vulnerability : CVE-2025-40244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hfsplus: fix KMSAN uninit-value issue in hfsplusextcacheextent The syzbot reported issue in hfsplusextcacheextent: 70.194323 T9350 BUG: KMSAN: uninit-value in...

AZL-70903 CVE-2025-64506 affecting package gdal 3.6.3-5

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's pngwriteimage8bit function when processing 8-bit images through t...

UBUNTU-CVE-2025-64506

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's pngwriteimage8bit function when processing 8-bit images through t...

CVE-2025-39993 media: rc: fix races with imon_disconnect()

In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imondisconnect Syzbot reports a KASAN issue as below: BUG: KASAN: use-after-free in createpipe include/linux/usb.h:1945 inline BUG: KASAN: use-after-free in sendpacket+0xa2d/0xbc0...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987209)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987209 advisory. In the Linux kernel, the following vulnerability has been resolved: tpm: fix reference counting for struct tpmchip The following sequence of operations results in a...

CVE-2025-39879 ceph: always call ceph_shift_unused_folios_left()

In the Linux kernel, the following vulnerability has been resolved: ceph: always call cephshiftunusedfoliosleft The function cephprocessfoliobatch sets foliobatch entries to NULL, which is an illegal state. Before foliobatchrelease crashes due to this API violation, the function...

CVE-2025-9810

TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen"w" on the history path and subsequent chmod on the same path...

Linux Distros Unpatched Vulnerability : CVE-2022-49923

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfc: nxp-nci: Fix potential memory leak in nxpncisend nxpncisend will call nxpncii2cwrite, and only free skb when nxpncii2cwrite failed. However, even if the...

UBUNTU-CVE-2025-37806

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Keep write operations atomic syzbot reported a NULL pointer dereference in genericfilewriteiter. 1 Before the write operation is completed, the user executes ioctl2 to clear the compress flag of the file, which causes t...

CVE-2024-12216

A vulnerability in the ImageClassificationDataset.fromcsv API of the dmlc/gluon-cv repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts tar.gz files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can...

CVE-2024-10833

eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...

CVE-2022-49068 btrfs: release correct delalloc amount in direct IO write path

In the Linux kernel, the following vulnerability has been resolved: btrfs: release correct delalloc amount in direct IO write path Running generic/406 causes the following WARNING in btrfsdestroyinode which tells there are outstanding extents left. In btrfsgetblocksdirectwrite, we reserve a...