
25 matches found

RustSec
added 2026/05/21 12:0 p.m., 10 views

WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-2r75-cxrj-cmph. For more information see the GitHub-hosted security advisory...

5.8 AI score
Exploits: 0, Affected Software: 1
Vulnrichment
added 2026/03/11 9:30 p.m., 1 views

CVE-2026-32128 FastGPT Python Sandbox Bypass of File-Write Restriction

FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes guardrails intended to prevent file writes (static detection + seccomp). These guardrails are bypassable by remapping stdout (fd 1) to an arbitrary writable file descriptor using fcntl...

6.3 CVSS, 5.9 AI score, 0.00089 EPSS
Exploits: 1, References: 1
CVE
added 2026/03/06 8:25 p.m., 5 views

CVE-2026-30228

Parse Server is affected where the readOnlyMasterKey is used with the Files API (POST /files/:filename, DELETE /files/:filename). Prior to versions 8.6.5 and 9.5.0-alpha.3, this could bypass the read-only restriction, allowing an attacker with the readOnlyMasterKey to upload arbitrary files or de...

6.9 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2026/03/06 8:24 p.m., 6 views

CVE-2026-29182

CVE-2026-29182 affects Parse Server prior to 8.6.4 and 9.4.1-alpha.3, where the readOnlyMasterKey is incorrectly allowed to perform mutating operations, bypassing the documented denial of writes. An attacker who knows the readOnlyMasterKey can create, modify, or delete Cloud Hooks and start Cloud...

8.6 CVSS, 5.7 AI score, 0.00023 EPSS
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2026/02/24 1:20 a.m., 2 views

EUVD-2026-7438

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/ can be...

8.6 CVSS, 5.4 AI score, 0.00018 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/02/07 7:30 p.m., 3 views

CVE-2026-25723

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...

7.7 CVSS, 5.5 AI score, 0.00101 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/11/13 12:0 a.m., 3 views

PT-2025-46879

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G router firmware version DIR823G V1.0.2B05 20181207.bin. Description: A command injection issue exists in the D-Link DIR-823G router firmware. The timelycheck and sysconf binaries process the /var/system/linux vlan reinit file. Th...

5.4 CVSS, 7.7 AI score, 0.0078 EPSS
Exploits: 1, References: 6
Cvelist
added 2025/09/18 4:4 p.m., 6 views

CVE-2023-53434 remoteproc: imx_dsp_rproc: Add custom memory copy implementation for i.MX DSP Cores

In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_dsp_rproc: Add custom memory copy implementation for i.MX DSP Cores. The IRAM is part of the HiFi DSP. According to hardware specification only 32-bits write are allowed otherwise we get a Kernel panic. Therefore add...

0.00013 EPSS
Exploits: 0, References: 3
CNNVD
added 2025/05/01 12:0 a.m., 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not allowing directory writes...

6.5 AI score, 0.0007 EPSS
Exploits: 0, References: 5
SUSE CVE
added 2024/12/20 4:17 a.m., 0 views

SUSE CVE-2024-21980

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity...

7.9 CVSS, 7.6 AI score, 0.02331 EPSS
Exploits: 1, References: 3
UbuntuCve
added 2024/11/17 11:15 a.m., 20 views

CVE-2020-25720

A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator...

7.5 CVSS, 6.7 AI score, 0.00206 EPSS
Exploits: 0, References: 3
NVD
added 2024/08/05 4:15 p.m., 19 views

CVE-2024-21980

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity...

7.9 CVSS, 0.02331 EPSS
Exploits: 1, References: 1
OSV
added 2024/08/05 4:15 p.m., 0 views

CVE-2024-21980

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity...

7.9 CVSS, 5.8 AI score
Exploits: 0, References: 1
NVD
added 2024/08/05 4:15 p.m., 16 views

CVE-2023-31355

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest...

6 CVSS, 0.00795 EPSS
Exploits: 1, References: 1
OSV
added 2024/08/05 4:15 p.m., 2 views

CVE-2023-31355

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest...

6 CVSS, 5.8 AI score
Exploits: 0, References: 1
CVE
added 2024/08/05 4:6 p.m., 47 views

CVE-2024-21980

The CVE-2024-21980 issue is in AMD SNP firmware (SEV-SNP). The root cause is improper restriction of write operations in SNP firmware, which could allow a local malicious hypervisor to overwrite a guest VM’s memory or the UMC seed, leading to loss of confidentiality and integrity. Documents consi...

7.9 CVSS, 7.2 AI score, 0.02331 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2024/08/05 4:6 p.m., 18 views

CVE-2024-21980

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity...

7.9 CVSS, 0.02331 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2024/08/05 4:6 p.m., 16 views

CVE-2024-21980

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity...

7.9 CVSS, 7.2 AI score, 0.02331 EPSS
Exploits: 1, References: 1
CVE
added 2024/08/05 4:4 p.m., 51 views

CVE-2023-31355

CVE-2023-31355 is associated with SNP firmware write restrictions; a malicious hypervisor could overwrite a guest’s UMC seed and potentially read memory from a decommissioned guest. Connected advisories (Fedora Linux-firmware updates around 2025-03-11) provide concrete remediation: update linux-f...

6 CVSS, 7.2 AI score, 0.00795 EPSS
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2024/08/05 4:4 p.m., 21 views

CVE-2023-31355

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest...

6 CVSS, 7.2 AI score, 0.00795 EPSS
Exploits: 1, References: 1