CVE-2026-40344 MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...

EUVD-2026-24579

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...

CVE-2026-40344

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...

CVE-2026-41144

F´ F Prime is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with...

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a security vulnerability in uutils coreutils. This vulnerability stems from the dd utility suppressing errors during file truncation operations by unconditionally calling Result::ok. Although...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013436)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013436 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfstargetidswrite' DAMON debugfs interface increases...

PT-2026-34328

A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the logs dir parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to...

PT-2026-37153

Name of the Vulnerable Software and Affected Versions i18next-fs-backend versions prior to 2.6.4 Description i18next-fs-backend substitutes the lng and ns options directly into the configured loadPath and addPath templates to read or write files from the disk. Because this interpolation is...

PT-2026-34508

A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference or -n flag is explicitly provided. The implementation previously only honored the "no-dereference" intent if the --force overwrite mode was also enabled. Thi...

PT-2026-34581

IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

PT-2026-34342

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer dereference in netfs unbuffered write on retry When a write subrequest is marked NETFS SREQ NEED RETRY, the retry path in netfs unbuffered write unconditionally calls stream-prepare write without checking ...

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. uutils coreutils has a security vulnerability. This vulnerability stems from the mv utility’s check-time-to-use-time flaw during cross-device operations. The extended attribute retention logic utilizes...

MinIO 授权问题漏洞

MinIO is an open-source object storage server developed by the American company MinIO. This product supports the creation of infrastructures for machine learning, analysis, and application data workloads. Versions of MinIO from RELEASE.2023-05-18T00-05-36Z to RELEASE.2026-04-11T03-20-12Z containe...

Red Hat Enterprise Linux AI 路径遍历漏洞

Red Hat Enterprise Linux AI is a Linux distribution created by the American company Red Hat for generative AI. Red Hat Enterprise Linux AI has a path traversal vulnerability. This vulnerability stems from the chat session handler’s lack of protection against path traversal attacks. Local attacker...

OpenRemote 访问控制错误漏洞

OpenRemote is an open-source IoT platform developed by OpenRemote. Versions of OpenRemote prior to 1.22.1 contained a access control vulnerability. This vulnerability stemmed from the possibility for users with the write:admin permission to call the Manager API and update user Keycloak domain rol...

PT-2026-34492

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file...

PT-2026-34293

The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hh htpasswd path' option and lack of sanitization on the...

PT-2026-34621

Name of the Vulnerable Software and Affected Versions rust-openssl versions prior to 0.10.78 Description The aes::unwrap key function contains an incorrect assertion regarding the output buffer size. It checks that out.len + 8 = in .len - 8. Consequently, the function accepts buffers that are too...

Tanium Interact 资源管理错误漏洞

Tanium Interact is a query and interaction component of the Tanium platform from the American company Tanium. Tanium Interact has a resource management vulnerability, which stems from allowing authenticated Tanium users with Write Filter group permissions to perform denial-of-service attacks on t...

Tanium Server 安全漏洞

Tanium Server is a security management platform provided by the American company Tanium. There is a security vulnerability in Tanium Server, which allows authenticated Tanium users with the role of Administrator or Write Downloader authentication permissions to retrieve credentials used for remot...