
23128 matches found

OSV
added 2025/09/24 10:15 p.m. | 2 views

CVE-2025-10894

Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo...

9.6 CVSS | 5.8 AI score | 0.00505 EPSS
Exploits: 0 | References: 6
Github Security Blog
added 2025/09/24 6:57 p.m. | 11 views

tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball

Impact v3.1.0, v2.1.3, v1.16.5 and below Patches Has been patched in 3.1.1, 2.1.4, and 1.16.6 Workarounds You can use the ignore option to ignore non files/directories. js ignore , header // pass files & directories, ignore e.g. symlinks return header.type !== 'file' && header.type !== 'directory...

8.7 CVSS | 7 AI score | 0.00043 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
Snyk
added 2025/09/24 6:57 p.m. | 3 views

Symlink Following

Overview org.webjars.npm:tar-fs is a filesystem bindings for tar-stream. Affected versions of this package are vulnerable to Symlink Following via the symlink validation process in the inCwd function. An attacker can write files outside the intended extraction directory by crafting a malicious...

8.7 CVSS | 6.9 AI score | 0.00043 EPSS
Exploits: 0 | References: 3
OSV
added 2025/09/24 11:8 a.m. | 5 views

USN-7766-1 linux-aws-6.8, linux-gcp-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Bus devices; - AM...

8.1 CVSS | 6.5 AI score | 0.0011 EPSS
Exploits: 0 | References: 102
Veracode
added 2025/09/24 4:37 a.m. | 4 views

Arbitrary File Upload

xml2rfc is vulnerable to Arbitrary File Upload. The vulnerability is due to improper input sanitization because an attacker can inject a malicious element into the XML used to generate the PDF, causing the generator to read and include arbitrary filesystem files...

7.1 AI score
Exploits: 0
OSV
added 2025/09/23 2:35 p.m. | 1 views

SUSE-SU-2025:03310-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49492: nvme-pci: fix a NULL pointer dereference in nvmeallocadmintags bsc1238954. - CVE-2022-50116: tty: ngsm: fix deadlock and link starvation in outgoing...

7.8 CVSS | 6.9 AI score | 0.01411 EPSS
Exploits: 10 | References: 52
NVD
added 2025/09/23 12:15 p.m. | 3 views

CVE-2025-9963

A path traversal vulnerability in Novakon P series allows to expose the root file system "/" and modify all files with root permissions. This way the system can also be compromised. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 commit d0f97fd9...

9.4 CVSS | 0.0004 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 2025/09/23 11:11 a.m. | 3 views

CVE-2025-9963

A path traversal vulnerability in Novakon P series allows to expose the root file system "/" and modify all files with root permissions. This way the system can also be compromised. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 commit d0f97fd9...

10 CVSS | 6 AI score | 0.00113 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2025/09/23 11:11 a.m. | 4 views

CVE-2025-9963 Path Traversal

A path traversal vulnerability in Novakon P series allows to expose the root file system "/" and modify all files with root permissions. This way the system can also be compromised. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 commit d0f97fd9...

9.4 CVSS | 6 AI score | 0.00113 EPSS
Exploits: 0 | References: 3
Cvelist
added 2025/09/23 11:11 a.m. | 10 views

CVE-2025-9963 Path Traversal

A path traversal vulnerability in Novakon P series allows to expose the root file system "/" and modify all files with root permissions. This way the system can also be compromised. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 commit d0f97fd9...

9.4 CVSS | 0.0004 EPSS
Exploits: 0 | References: 3
CVE
added 2025/09/23 11:11 a.m. | 21 views

CVE-2025-9963

CVE-2025-9963 concerns the Novakon P series (P – V2001.A.C518o2) with a path traversal flaw that can expose the root filesystem and allow modification of any file with root permissions, potentially leading to system compromise. Documentation consistently specifies the affected product/version and...

9.4 CVSS | 6 AI score | 0.0004 EPSS
Exploits: 0 | References: 4
OSV
added 2025/09/23 9:5 a.m. | 4 views

SUSE-SU-2025:03301-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-46733: btrfs: fix qgroup reserve leaks in cowfilerange bsc1230708. - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points bsc1232089. -...

7.8 CVSS | 7.6 AI score | 0.00159 EPSS
Exploits: 3 | References: 213
NVD
added 2025/09/23 6:15 a.m. | 5 views

CVE-2025-39888

In the Linux kernel, the following vulnerability has been resolved: fuse: Block access to folio overlimit syz reported a slab-out-of-bounds Write in fusedevdowrite. When the number of bytes to be retrieved is truncated to the upper limit by fc-maxpages and there is an offset, the oob is triggered...

7.8 CVSS | 0.00026 EPSS
Exploits: 0 | References: 2
OSV
added 2025/09/23 6:15 a.m. | 1 views

DEBIAN-CVE-2025-39868

In the Linux kernel, the following vulnerability has been resolved: erofs: fix runtime warning on truncate_folio_batch_exceptionals() Commit 0e2f80afcfa6 ("fs/dax: ensure all pages are idle prior to filesystem unmount") introduced the WARN_ON_ONCE to capture whether the filesystem has removed all DAX entri...

7.8 CVSS | 6.2 AI score | 0.00026 EPSS
Exploits: 0 | References: 1
OSV
added 2025/09/23 6:0 a.m. | 5 views

CVE-2025-39885 ocfs2: fix recursive semaphore deadlock in fiemap call

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix recursive semaphore deadlock in fiemap call syzbot detected a OCFS2 hang due to a recursive semaphore on a FSIOCFIEMAP of the extent list on a specially crafted mmap file. contextswitch kernel/sched/core.c:5357 inline...

5.5 CVSS | 6 AI score | 0.00031 EPSS
Exploits: 0 | References: 12
Cvelist
added 2025/09/23 6:0 a.m. | 6 views

CVE-2025-39884 btrfs: fix subvolume deletion lockup caused by inodes xarray race

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix subvolume deletion lockup caused by inodes xarray race There is a race condition between inode eviction and inode caching that can cause a live struct btrfsinode to be missing from the root-inodes xarray. Specifically,...

0.00013 EPSS
Exploits: 0 | References: 3
Debian CVE
added 2025/09/23 6:0 a.m. | 3 views

CVE-2025-39868

In the Linux kernel, the following vulnerability has been resolved: erofs: fix runtime warning on truncate_folio_batch_exceptionals() Commit 0e2f80afcfa6 ("fs/dax: ensure all pages are idle prior to filesystem unmount") introduced the WARN_ON_ONCE to capture whether the filesystem has removed all DAX entri...

7.8 CVSS | 6.2 AI score | 0.00026 EPSS
Exploits: 0
OSV
added 2025/09/23 6:0 a.m. | 2 views

CVE-2025-39868 erofs: fix runtime warning on truncate_folio_batch_exceptionals()

In the Linux kernel, the following vulnerability has been resolved: erofs: fix runtime warning on truncate_folio_batch_exceptionals() Commit 0e2f80afcfa6 ("fs/dax: ensure all pages are idle prior to filesystem unmount") introduced the WARN_ON_ONCE to capture whether the filesystem has removed all DAX entri...

7.8 CVSS | 6.1 AI score | 0.00026 EPSS
Exploits: 0 | References: 5
CVE
added 2025/09/23 6:0 a.m. | 16 views

CVE-2025-39868

CVE-2025-39868 describes a Linux kernel vulnerability where a runtime warning (WARN_ON_ONCE) could be triggered during unmount due to how erofs (and related DAX entries) were handled. The root cause, as noted in the description, is a fix introduced by commit 0e2f80afcfa6 that added WARN_ON_ONCE t...

7.8 CVSS | 6 AI score | 0.00026 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2025/09/23 12:0 a.m. | 3 views

Novakon P series security vulnerability

Novakon P series is a series of industrial panel PC operating pages from Taiwan, China-based Novakon Corporation. A security vulnerability exists in Novakon P series version V2001.A.C518o2, which stems from a path traversal flaw that could lead to root file system exposure and arbitrary file...

10 CVSS | 6.8 AI score | 0.00113 EPSS
Exploits: 0 | References: 5