Search CVE reports


Toggle filters

61 – 70 of 42760 results

Status is adjusted based on your filters.


CVE-2026-46569

Medium priority
Needs evaluation

In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfs_ib_copy_tail(), in libntfs-3g/index.c, that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The...

1 affected package

ntfs-3g

Package 20.04 LTS
ntfs-3g Needs evaluation
Show less packages

CVE-2026-42618

Medium priority
Needs evaluation

In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfs_decompress() in compress.c that allows an attacker to corrupt one byte of heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The...

1 affected package

ntfs-3g

Package 20.04 LTS
ntfs-3g Needs evaluation
Show less packages

CVE-2026-42617

Medium priority
Needs evaluation

In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfs_ir_to_ib() in index.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered...

1 affected package

ntfs-3g

Package 20.04 LTS
ntfs-3g Needs evaluation
Show less packages

CVE-2026-42616

Medium priority
Needs evaluation

In NTFS-3G through 2026.2.25, a heap buffer overflow exists in cat() in cat.c that allows an attacker to corrupt heap memory in the ntfscat binary by crafting a malicious NTFS image. The overflow is triggered by reading a file.

1 affected package

ntfs-3g

Package 20.04 LTS
ntfs-3g Needs evaluation
Show less packages

CVE-2026-59733

Medium priority
Needs evaluation

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while...

1 affected package

rclone

Package 20.04 LTS
rclone Needs evaluation
Show less packages

CVE-2026-59732

Medium priority
Needs evaluation

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix...

1 affected package

rclone

Package 20.04 LTS
rclone Needs evaluation
Show less packages

CVE-2026-54572

Medium priority
Needs evaluation

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local...

1 affected package

rclone

Package 20.04 LTS
rclone Needs evaluation
Show less packages

CVE-2026-49981

Medium priority
Needs evaluation

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between...

2 affected packages

php-twig, twig

Package 20.04 LTS
php-twig Needs evaluation
twig
Show less packages

CVE-2026-48808

Medium priority
Needs evaluation

Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension::checkPropertyAllowed(), so SourcePolicyInterface...

1 affected package

php-twig

Package 20.04 LTS
php-twig Needs evaluation
Show less packages

CVE-2026-48807

Medium priority
Needs evaluation

Twig is a template language for PHP. Prior to 3.27.0, the sandbox __toString() checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing...

1 affected package

php-twig

Package 20.04 LTS
php-twig Needs evaluation
Show less packages