
22934 matches found

OSV
added 2026/02/10 12:0 a.m. | 3 views

ALSA-2026:2421 Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs filesystem permissions bypass CVE-2025-55132; nodejs: Nodejs denial of service CVE-2026-21637; nodejs: Nodejs denial of service...

CVSS 9.1 | AI score 5.6 | EPSS 0.00109
Exploits: 2 | References: 14
Tenable Nessus
added 2026/02/10 12:0 a.m. | 2 views

AlmaLinux 10 : nodejs22 (ALSA-2026:1843)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1843 advisory. nodejs: Nodejs filesystem permissions bypass CVE-2025-55132; nodejs: Nodejs denial of service CVE-2026-21637; nodejs: Nodejs denial of service CVE-2025-594...

CVSS 9.1 | AI score 6.9 | EPSS 0.00109
Exploits: 2 | References: 8
Tenable Nessus
added 2026/02/10 12:0 a.m. | 2 views

RHEL 8 : nodejs:22 (RHSA-2026:2421)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2421 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 9.1 | AI score 6.9 | EPSS 0.00109
Exploits: 2 | References: 15
Positive Technologies
added 2026/02/10 12:0 a.m. | 4 views

PT-2026-7277

Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 6.4 through 7.6.1. Description: A flaw exists in Fortinet FortiOS that could allow an unauthorized actor to access sensitive information. Successful exploitation requires prior compromise of the product at the filesyste...

CVSS 5.9 | AI score 5.5 | EPSS 0.00032
Exploits: 1 | References: 5
Tenable Nessus
added 2026/02/10 12:0 a.m. | 3 views

Oracle Linux 9 : kernel (ELSA-2026-2212)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2212 advisory. - io_uring/net: commit partial buffers on retry Jeff Moyer RHEL-137329 CVE-2025-38730 - atm: clip: Fix infinite recursive call of clip_push. Guillaume...

CVSS 7.8 | AI score 7.7 | EPSS 0.03752
Exploits: 2 | References: 17
Cvelist
added 2026/02/09 10:29 p.m. | 25 views

CVE-2026-25895 FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This affects FUXA through version 1.2.9. This issue has been patched ...

CVSS 9.5 | EPSS 0.00775
Exploits: 3 | References: 3
ATTACKERKB
added 2026/02/09 10:24 p.m. | 2 views

CVE-2026-25951

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. Prior to 1.2.11, a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an...

CVSS 8.6 | AI score 5.9 | EPSS 0.00037
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2026/02/09 10:24 p.m. | 10 views

CVE-2026-25951

FUXA (web-based Process Visualization) before version 1.2.11 has a flaw in path sanitization that lets an authenticated administrator bypass directory traversal protections by using nested traversal sequences (e.g., ....//). This enables writing arbitrary files to the server filesystem (including...

CVSS 8.6 | AI score 5.9 | EPSS 0.00037
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2026/02/09 10:15 a.m. | 2 views

CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only affects static files. If static files are served from a case-insensitive filesystem, such ...

CVSS 5.3 | EPSS 0.00102
Exploits: 0 | References: 2
RedHat Linux
added 2026/02/09 9:51 a.m. | 4 views

kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation

A flaw was found in the Linux kernel's Squashfs filesystem. A local attacker can exploit this vulnerability by simultaneously mounting a Squashfs filesystem and issuing a specific input/output control (ioctl) command. This can lead to an incorrect block size calculation, causing a shift-out-of-boun...

CVSS 7.8 | AI score 5.8 | EPSS 0.00094
Exploits: 0 | References: 5
CVE
added 2026/02/09 9:26 a.m. | 17 views

CVE-2026-23903

Summary of CVE-2026-23903 (Apache Shiro): It is an Authentication Bypass by Alternate Name vulnerability affecting Apache Shiro versions before 2.0.7, triggered when static files are served from a case-insensitive filesystem (e.g., macOS defaults). In such cases, request filename casing can bypas...

CVSS 5.3 | AI score 5.5 | EPSS 0.00102
Exploits: 0 | References: 2 | Affected Software: 1
RedHat Linux
added 2026/02/09 2:40 a.m. | 1 views

kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service.

A flaw was found in the Linux kernel. This use-after-free (UAF) vulnerability occurs in the proc_readdir_de() function within the /proc filesystem. A local attacker with low privileges can exploit this by concurrently traversing specific directories while network devices are unregistered. This can lead...

AI score 5.8 | EPSS 0.03752
Exploits: 2 | References: 5
VulnCheck KEV
added 2026/02/09 12:0 a.m. | 19 views

VulnCheck KEV: CVE-2009-3547

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname...

CVSS 7 | AI score 7.2 | EPSS 0.03154
In wild | Exploits: 7 | References: 2
SUSE CVE
added 2026/02/07 12:24 a.m. | 2 views

SUSE CVE-2026-25121

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package, e.g., via a compromised or typosquatte...

CVSS 7.5 | AI score 5.3 | EPSS 0.00025
Exploits: 0 | References: 3
RedHat Linux
added 2026/02/05 4:3 p.m. | 4 views

Important: Red Hat Security Advisory: nodejs24 security update

An update for nodejs24 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 9.1 | AI score 7 | EPSS 0.00109
Exploits: 2 | References: 7
RedHat Linux
added 2026/02/05 3:8 p.m. | 7 views

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The have_mon_and_osd_map() function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...

AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 5
OSV
added 2026/02/05 3:20 a.m. | 2 views

GO-2026-4405 apko has a path traversal in apko dirFS which allows filesystem writes outside base in chainguard.dev/apko

apko has a path traversal in apko dirFS which allows filesystem writes outside base in chainguard.dev/apko...

CVSS 7.5 | AI score 5.2 | EPSS 0.00025
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/05 12:0 a.m. | 10 views

PT-2026-7186

Name of the Vulnerable Software and Affected Versions: FUXA versions through 1.2.9. Description: FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. A path traversal issue allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server...

CVSS 9.8 | AI score 6.5 | EPSS 0.00775
Exploits: 3 | References: 15
Redos
added 2026/02/05 12:0 a.m. | 3 views

ROS-20260205-73-0021

A vulnerability in the legitimize_mnt function of the fs/namespace.c component of the Linux operating system kernel is related to incorrect computation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 7.1 | EPSS 0.00068
Exploits: 0
Snyk
added 2026/02/04 11:14 p.m. | 2 views

Insufficient Verification of Data Authenticity

Overview: Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to the measured boot not validating the integrity of the entire root filesystem. An attacker can gain unauthorized access to sensitive data or modify system files by physically replacin...

CVSS 8.8 | AI score 8 | EPSS 0.00027
Exploits: 0 | References: 2