17727 matches found

Veracode
added 2025/10/13 10:22 a.m., 9 views

Remote Code Execution

Flowise is vulnerable to Remote Code Execution. The vulnerability is due to unsafe evaluation of user-supplied configuration in the convertToValidJSONString function, which executes the mcpServerConfig input as JavaScript. An attacker can use this to execute arbitrary Node.js code to run commands or...

CVSS: 10, AI score: 8, EPSS: 0.90183
Exploits: 21, References: 10, Affected Software: 1
Positive Technologies
added 2025/10/12 12:0 a.m., 4 views

PT-2026-2504

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.17.0. Description: The Linux kernel contains a flaw within the f2fs file system related to handling compression contexts during writeback operations. A race condition can occur when a file is being fsynced, its...

CVSS: 4.6, AI score: 6.4, EPSS: 0.00168
Exploits: 0
RedhatCVE
added 2025/10/10 8:22 p.m., 4 views

CVE-2017-20203

NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a specially crafted TXT...

CVSS: 9.3, AI score: 7.8, EPSS: 0.00608
Exploits: 0, References: 1
Microsoft CVE
added 2025/10/10 2:35 p.m., 6 views

f2fs: fix to drop all discards after creating snapshot on lvm device

...

CVSS: 5.5, AI score: 7, EPSS: 0.00212
Exploits: 0
Microsoft CVE
added 2025/10/10 1:1 a.m., 4 views

f2fs: fix to account dirty data in __get_secs_required()

...

CVSS: 5.5, AI score: 7, EPSS: 0.00216
Exploits: 0
Positive Technologies
added 2025/10/10 12:0 a.m., 5 views

PT-2025-44377

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Linux kernel's Network File System Direct NFSD component. Specifically, the issue involves the handling of LAYOUTCOMMIT operations on FlexFiles layouts by pNFS...

CVSS: 4.6, AI score: 6.1, EPSS: 0.00193
Exploits: 0
Rapid7 Blog
added 2025/10/09 7:52 p.m., 6 views

Metasploit Wrap Up 10/09/2025

Meterpreter: Kickstarting Windows ARM64 and Reducing Memory Footprint This Metasploit-Framework release includes two important milestones for our payloads capability. The first, spearheaded by community contributor Alexander "xaitax" Hagenah, is an enhancement of our ReflectiveLoader, a crucial...

CVSS: 9, AI score: 7.2, EPSS: 0.00886
Exploits: 2
EUVD
added 2025/10/09 6:30 p.m., 7 views

EUVD-2017-18919

NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a specially crafted TXT...

CVSS: 9.3, AI score: 7.3, EPSS: 0.00608
Exploits: 0, References: 5
Positive Technologies
added 2025/10/09 12:0 a.m., 6 views

PT-2025-41412

NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a specially crafted TXT...

CVSS: 9.3, AI score: 7.8, EPSS: 0.00608
Exploits: 0, References: 5
Positive Technologies
added 2025/10/09 12:0 a.m., 4 views

PT-2025-49060

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The extent map cache in the Linux kernel’s OCFS2 file system can become outdated when extents are moved or defragmented. This occurs because the cache is not invalidated after these...

CVSS: 4.4, AI score: 5.9, EPSS: 0.00177
Exploits: 0
Tenable Nessus
added 2025/10/09 12:0 a.m., 3 views

Ubuntu 24.04 LTS : Linux kernel (Azure, N-Series) vulnerabilities (USN-7809-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7809-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws i...

CVSS: 8.1, AI score: 7.1, EPSS: 0.00328
Exploits: 0, References: 114
Tenable Nessus
added 2025/10/09 12:0 a.m., 7 views

Ubuntu 24.04 LTS : Linux kernel (Azure) vulnerabilities (USN-7808-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7808-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

CVSS: 7.8, AI score: 7.2, EPSS: 0.00288
Exploits: 0, References: 9
SUSE CVE
added 2025/10/08 11:39 p.m., 2 views

SUSE CVE-2022-50512

In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential memory leak in ext4_fc_record_regions. As krealloc may return NULL, in this case 'state->fc_regions' may not be freed by krealloc, but 'state->fc_regions' already set NULL. Then will lead to 'state->fc_regions' memory...

CVSS: 5.5, AI score: 6.5, EPSS: 0.00143
Exploits: 0, References: 7
NVD
added 2025/10/08 3:16 p.m., 5 views

CVE-2025-43724

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain unauthorized access to NFSv4 or SMB shares...

CVSS: 4.4, EPSS: 0.00116
Exploits: 0, References: 1
Vulnrichment
added 2025/10/08 2:45 p.m., 3 views

CVE-2025-43724

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain unauthorized access to NFSv4 or SMB shares...

CVSS: 4.4, AI score: 6.1, EPSS: 0.00116
Exploits: 0, References: 1
Cvelist
added 2025/10/08 2:45 p.m., 6 views

CVE-2025-43724

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain unauthorized access to NFSv4 or SMB shares...

CVSS: 4.4, EPSS: 0.00116
Exploits: 0, References: 1
CVE
added 2025/10/08 2:45 p.m., 25 views

CVE-2025-43724

CVE-2025-43724 affects Dell PowerScale OneFS; prior to 9.12.0.0, an authorization bypass via a user-controlled key could let a locally privileged attacker access NFSv4/SMB shares. Evidence across multiple sources confirms the issue and that remediation is to upgrade to 9.12.0.0 or later. If explo...

CVSS: 4.4, AI score: 6.1, EPSS: 0.00116
Exploits: 0, References: 1, Affected Software: 1
Ubuntu
added 2025/10/08 9:47 a.m., 6 views

LSN-0115-1: Kernel Live Patch Security Notice

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed overflow check in mi_enum_attr (CVE-2024-27407). In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put. syzbot reported that nf_reject_ip6_tcphdr_put was...

CVSS: 9.1, AI score: 6.5, EPSS: 0.01367
Exploits: 0
Ubuntu
added 2025/10/08 9:33 a.m., 3 views

USN-7795-3: Linux kernel (AWS FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Ext4 file system; - Network file system NFS server daemon; - Packet sockets; - Network traffic control; - VMware...

CVSS: 7.8, AI score: 7.1, EPSS: 0.00288
Exploits: 0
OSV
added 2025/10/08 9:33 a.m., 8 views

USN-7795-3 linux-aws-fips vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Ext4 file system; - Network file system NFS server daemon; - Packet sockets; - Network traffic control; - VMware...

CVSS: 7.8, AI score: 6.5, EPSS: 0.00288
Exploits: 0, References: 6