CVE-2026-25889 File Browser has an Authentication Bypass in User Password Update

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, a case-sensitivity flaw in the password validation logic allows any authenticated user to change their password or an admin to change...

CVE-2026-25889

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, a case-sensitivity flaw in the password validation logic allows any authenticated user to change their password or an admin to change...

CVE-2026-25889

Summary: CVE-2026-25889 affects File Browser up to version 2.57.0. A case-sensitive password check flaw in the API allows an authenticated attacker (with a valid JWT obtained via XSS, session hijack, etc.) to change a password without supplying the current one by sending the field name with Title...

CVE-2026-25889 File Browser has an Authentication Bypass in User Password Update

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, a case-sensitivity flaw in the password validation logic allows any authenticated user to change their password or an admin to change...

kernel: svcrdma: use rc_pageoff for memcpy byte offset

In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rcpageoff for memcpy byte offset svcrdmacopyinlinerange added rccurpage page index to the page base instead of the byte offset rcpageoff. Use rcpageoff so copies land within the current page. Found by ZeroPath...

CVE-2026-0660

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

SUSE CVE-2025-71194

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in waitcurrenttrans due to ignored transaction type When waitcurrenttrans is called during starttransaction, it currently waits for a blocked transaction without considering whether the given transaction type...

ROS-20260205-73-0033

A vulnerability in the currentpasswordstore function of the dell-wmi-sysman driver of the Linux kernel is related to buffer copying without input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2026-0536

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

EUVD-2026-5382

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2025-71194

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in waitcurrenttrans due to ignored transaction type When waitcurrenttrans is called during starttransaction, it currently waits for a blocked transaction without considering whether the given transaction type...

UBUNTU-CVE-2025-71194

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in waitcurrenttrans due to ignored transaction type When waitcurrenttrans is called during starttransaction, it currently waits for a blocked transaction without considering whether the given transaction type...

CVE-2025-71194

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in waitcurrenttrans due to ignored transaction type When waitcurrenttrans is called during starttransaction, it currently waits for a blocked transaction without considering whether the given transaction type...

TruConfirm: Autonomous, Agent-Led, Safe Exploit Validation for Real-World Risk Reduction

Key Takeaways CISOs still can’t answer the only question that matters: Is this exposure exploitable on this asset, in our production environment, against our controls, right now? The vulnerability firehose broke the old model: With 48,177 CVEs published in 2025, “critical” lists are too large to...

CVE-2026-0661

A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

EUVD-2025-206804

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in waitcurrenttrans due to ignored transaction type When waitcurrenttrans is called during starttransaction, it currently waits for a blocked transaction without considering whether the given transaction type...

CVE-2025-71194

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in waitcurrenttrans due to ignored transaction type When waitcurrenttrans is called during starttransaction, it currently waits for a blocked transaction without considering whether the given transaction type...

CVE-2025-71194 btrfs: fix deadlock in wait_current_trans() due to ignored transaction type

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in waitcurrenttrans due to ignored transaction type When waitcurrenttrans is called during starttransaction, it currently waits for a blocked transaction without considering whether the given transaction type...

CVE-2025-71194

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in waitcurrenttrans due to ignored transaction type When waitcurrenttrans is called during starttransaction, it currently waits for a blocked transaction without considering whether the given transaction type...

CVE-2025-71194 btrfs: fix deadlock in wait_current_trans() due to ignored transaction type

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in waitcurrenttrans due to ignored transaction type When waitcurrenttrans is called during starttransaction, it currently waits for a blocked transaction without considering whether the given transaction type...