Hono missing validation of cookie name on write path in setCookie()
Summary: Cookie names are not validated on the write path when using setCookie, serialize, or serializeSigned to generate Set-Cookie headers. While certain cookie attributes such as domain and path are validated, the cookie name itself may contain invalid characters. This results in inconsistent...
CVE-2026-5747
An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue...
Directory Traversal
Overview: coursevault-preview is a tool that previews course material files from a configured directory. Affected versions of this package are vulnerable to Directory Traversal via improper validation in the resolveSafe utility. An attacker can access files outside the intended directory by supplying crafted...
Directory Traversal
Overview: pyload-ng is a free and open-source download manager written in pure Python. Affected versions of this package are vulnerable to Directory Traversal in the safe_extractall function. An attacker can write files outside the intended extraction directory by crafting a malicious tar archiv...
Red Hat Web Terminal Security Vulnerability
Red Hat Web Terminal is a browser-based terminal tool developed by the American company Red Hat. There is a security vulnerability in Red Hat Web Terminal, which stems from the fact that the /etc/passwd file was set with writeable group permissions during the build process. This vulnerability cou...
PT-2026-31353
Summary: The upload filename sanitization introduced in GHSA-9ffm-fxg3-xrhh uses PurePosixPath(filename).name to strip path components. Since PurePosixPath only recognizes forward slashes (/) as path separators, an attacker can bypass this sanitization on Windows by using backslashes in the upload...
PT-2026-31464
ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path traversal vulnerability in the NQ Vault.py artifact parser, which uses an attacker-controlled file name taken from database values directly as the output filename, allowing arbitrary file writes outside the report output...
ALSA-2026:6949 Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more...
PT-2026-31352
Name of the Vulnerable Software and Affected Versions: kcp versions prior to 0.30.3 and prior to 0.29.3. Description: Prior to versions 0.30.3 and 0.29.3, the cache server in kcp is directly exposed by the root shard without authentication or authorization. This allows anyone who can access the root...
RHEL 8 : go-toolset:rhel8 (RHSA-2026:6949)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6949 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: cmd/go:...
RockyLinux 8 : go-toolset:rhel8 (RLSA-2026:6949)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6949 advisory. cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url...
OpenClaw has an unspecified vulnerability (CNVD-2026-16699)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to rebind the tool root path between validation and final write...
OpenClaw has an unspecified vulnerability (CNVD-2026-16694)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause an authenticated operator with only operator.write privileges to access the administrator-specific browser profile management rout...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006640)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006640 advisory. In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec_minmax. A sysctl variable is accessed concurrently, and...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006802)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006802 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevent kernel bug at submit_bh_wbc. Fix a bug where nilfs_get_block returns a successful stat...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006620)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006620 advisory. In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec. A sysctl variable is accessed concurrently, and there is...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006609)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006609 advisory. In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006704)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006704 advisory. In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control. syzbot reported the splat below. Whe...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006669)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006669 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a data-race around bpf_jit_limit. While reading bpf_jit_limit, it can be changed concurrentl...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006628)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006628 advisory. In the Linux kernel, the following vulnerability has been resolved: nfc: nxp-nci: Fix potential memory leak in nxp_nci_send. nxp_nci_send will call nxp_nci_i2c_write, and on...