60260 matches found

ATTACKERKB
added 2026/04/22 12:49 a.m., 4 views

CVE-2026-40344

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...

CVSS 8.8 | AI score 6.1 | EPSS 0.00418
Exploits: 0 | References: 4
NVD
added 2026/04/22 12:16 a.m., 10 views

CVE-2026-41144

F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with...

CVSS 9.8 | EPSS 0.00428
Exploits: 0 | References: 2
CNNVD
added 2026/04/22 12:00 a.m., 8 views

uutils coreutils security vulnerability

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a security vulnerability in uutils coreutils. This vulnerability stems from the dd utility suppressing errors during file truncation operations by unconditionally calling Result::ok. Although...

CVSS 3.3 | AI score 5.8 | EPSS 0.00115
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/22 12:00 a.m., 9 views

PT-2026-34328

A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the logs dir parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to...

CVSS 7.1 | AI score 5.8 | EPSS 0.00164
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/22 12:00 a.m., 6 views

PT-2026-34508

A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference or -n flag is explicitly provided. The implementation previously only honored the "no-dereference" intent if the --force overwrite mode was also enabled. Thi...

CVSS 5 | AI score 5.8 | EPSS 0.00138
Exploits: 0 | References: 3
CNNVD
added 2026/04/22 12:00 a.m., 9 views

OpenRemote access control error vulnerability

OpenRemote is an open-source IoT platform developed by OpenRemote. Versions of OpenRemote prior to 1.22.1 contained an access control vulnerability. This vulnerability stemmed from the possibility for users with the write:admin permission to call the Manager API and update user Keycloak domain rol...

CVSS 7 | AI score 5.8 | EPSS 0.00285
Exploits: 1 | References: 2
Positive Technologies
added 2026/04/22 12:00 a.m., 9 views

PT-2026-34526

Summary: A user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the identity provider but does not check that the caller may administer that realm...

CVSS 7 | AI score 5.7
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/22 12:00 a.m., 5 views

PT-2026-34342

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer dereference in netfs_unbuffered_write on retry. When a write subrequest is marked NETFS_SREQ_NEED_RETRY, the retry path in netfs_unbuffered_write unconditionally calls stream->prepare_write without checking ...

AI score 5.6 | EPSS 0.00121
Exploits: 0 | References: 4
CNNVD
added 2026/04/22 12:00 a.m., 8 views

Red Hat Enterprise Linux AI path traversal vulnerability

Red Hat Enterprise Linux AI is a Linux distribution created by the American company Red Hat for generative AI. Red Hat Enterprise Linux AI has a path traversal vulnerability. This vulnerability stems from the chat session handler’s lack of protection against path traversal attacks. Local attacker...

CVSS 7.1 | AI score 5.9 | EPSS 0.00164
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/22 12:00 a.m., 8 views

PT-2026-34598

Name of the Vulnerable Software and Affected Versions: CI4MS Theme, affected versions not specified. Description: The upload function in CI4MS Theme fails to validate entry names when extracting user-uploaded ZIP archives. This allows an authenticated backend user with theme create permissions to...

CVSS 9.4 | AI score 6.2 | EPSS 0.00484
Exploits: 0 | References: 6
Positive Technologies
added 2026/04/22 12:00 a.m., 5 views

PT-2026-37153

Name of the Vulnerable Software and Affected Versions: i18next-fs-backend, versions prior to 2.6.4. Description: i18next-fs-backend substitutes the lng and ns options directly into the configured loadPath and addPath templates to read or write files from the disk. Because this interpolation is...

CVSS 8.2 | AI score 6 | EPSS 0.00292
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/22 12:00 a.m., 6 views

PT-2026-34492

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file...

CVSS 6.3 | AI score 5.9 | EPSS 0.00107
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/22 12:00 a.m., 5 views

PT-2026-34293

The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hh htpasswd path' option and lack of sanitization on the...

CVSS 7.2 | AI score 5.9 | EPSS 0.00997
Exploits: 0 | References: 15
Positive Technologies
added 2026/04/22 12:00 a.m., 5 views

PT-2026-34621

Name of the Vulnerable Software and Affected Versions: rust-openssl, versions prior to 0.10.78. Description: The aes::unwrap_key function contains an incorrect assertion regarding the output buffer size. It checks that out.len + 8 = in.len - 8. Consequently, the function accepts buffers that are too...

CVSS 9.8 | AI score 5.4 | EPSS 0.00294
Exploits: 0 | References: 12
CNNVD
added 2026/04/22 12:00 a.m., 8 views

MinIO authorization issue vulnerability

MinIO is an open-source object storage server developed by the American company MinIO. This product supports the creation of infrastructures for machine learning, analysis, and application data workloads. Versions of MinIO from RELEASE.2023-05-18T00-05-36Z to RELEASE.2026-04-11T03-20-12Z containe...

CVSS 8.8 | AI score 5.9 | EPSS 0.00418
Exploits: 0 | References: 1
CNNVD
added 2026/04/22 12:00 a.m., 8 views

Tanium Interact resource management error vulnerability

Tanium Interact is a query and interaction component of the Tanium platform from the American company Tanium. Tanium Interact has a resource management vulnerability, which stems from allowing authenticated Tanium users with Write Filter group permissions to perform denial-of-service attacks on t...

CVSS 4.9 | AI score 5.8 | EPSS 0.00257
Exploits: 0 | References: 1
CNNVD
added 2026/04/22 12:00 a.m., 11 views

Tanium Server security vulnerability

Tanium Server is a security management platform provided by the American company Tanium. There is a security vulnerability in Tanium Server, which allows authenticated Tanium users with the role of Administrator or Write Downloader authentication permissions to retrieve credentials used for remot...

CVSS 2.7 | AI score 5.8 | EPSS 0.00183
Exploits: 0 | References: 1
Tenable Nessus
added 2026/04/22 12:00 a.m., 5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013787)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013787 advisory. In the Linux kernel, the following vulnerability has been resolved: hfs: fix OOB read in hfs_brec_find. Syzbot reported an OOB read bug:...

AI score 5.6 | EPSS 0.00237
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/22 12:00 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013741)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013741 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: fix incomplete validation of ioctl arg. We tested and found an alarm caused by nbd_ioctl arg...

CVSS 5.5 | AI score 6.3 | EPSS 0.00133
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/22 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-35356

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent...

CVSS 6.3 | AI score 5.9 | EPSS 0.00107
Exploits: 0 | References: 3