Lucene search

330 matches found

CNNVD
added 2026/05/08 12:0 a.m., 3 views

PraisonAI path traversal vulnerability

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.37 contained a path traversal vulnerability. This vulnerability stemmed from the safeextractall helper function not verifying the linkname of members and not rejecting...

8.7 CVSS, 5.9 AI score, 0.00023 EPSS
Exploits 1, References 1
CNNVD
added 2026/05/06 12:0 a.m., 6 views

Gotenberg parameter injection vulnerability

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg 8.30.1 and earlier contained a parameter injection vulnerability. This vulnerability stemmed from the fact that the metadata writing...

10 CVSS, 5.9 AI score, 0.00024 EPSS
Exploits 1, References 1
AstraLinux
added 2026/05/03 11:59 p.m., 1 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

5.6 AI score, 0.0005 EPSS
Exploits 0, References 2
Tenable Nessus
added 2026/04/03 12:0 a.m., 0 views

Linux Distros Unpatched Vulnerability : CVE-2026-34446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code...

5.5 CVSS, 5.8 AI score, 0.00004 EPSS
Exploits 0, References 3
OSV
added 2026/04/01 6:16 p.m., 1 views

DEBIAN-CVE-2026-34446

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a regular file on the...

5.5 CVSS, 5.3 AI score, 0.00004 EPSS
Exploits 0, References 1
CNNVD
added 2026/04/01 12:0 a.m., 1 views

Open Neural Network Exchange security vulnerability

Open Neural Network Exchange is an open-source ecosystem developed by Open Neural Network Exchange. It enables AI developers to choose the appropriate tools as the project evolves. Versions of Open Neural Network Exchange prior to 1.21.0 contained a security vulnerability. This vulnerability...

5.5 CVSS, 5.8 AI score, 0.00004 EPSS
Exploits 0, References 2
CNNVD
added 2026/03/07 12:0 a.m., 3 views

node-tar link following vulnerability

node-tar is a software package for file compression/decompression developed by isaacs. Versions of node-tar prior to 7.5.10 had a post-installation link vulnerability. This vulnerability stemmed from the possibility of creating hard links pointing outside the extraction directory, which could lea...

8.2 CVSS, 6.5 AI score, 0.00009 EPSS
Exploits 2, References 2
CNNVD
added 2026/02/20 12:0 a.m., 4 views

node-tar path traversal vulnerability

node-tar is a software package for file compression/decompression developed by isaacs. Versions of node-tar 7.5.7 and earlier contained a path traversal vulnerability. This vulnerability stemmed from archive files that attackers could control, allowing them to create hard links to files outside t...

7.1 CVSS, 6.7 AI score, 0.00008 EPSS
Exploits 1, References 3
CNNVD
added 2026/02/11 12:0 a.m., 2 views

BusyBox security vulnerability

BusyBox is a set of applications developed by Denis Vlasenko from Ukraine. It contains multiple Linux commands and tools. BusyBox has a security vulnerability; this vulnerability arises from the lack of verification during the extraction of hard links or symbolic links in tar archives. This may...

7 CVSS, 7.1 AI score, 0.00006 EPSS
Exploits 0, References 3
AlpineLinux
added 2026/01/16 10:0 p.m., 1 views

CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

8.2 CVSS, 5.6 AI score, 0.00011 EPSS
Exploits 2, References 2
RedhatCVE
added 2026/01/15 4:40 a.m., 1 views

CVE-2025-68778

A data corruption flaw was found in the Linux kernel's Btrfs filesystem log replay mechanism. When a directory is moved between parent directories in the same transaction and then a file with the same name is created and synced, the log replay can create a directory with two hard links. This caus...

5.5 CVSS, 5.3 AI score, 0.0005 EPSS
Exploits 0, References 4
SUSE CVE
added 2026/01/15 12:26 a.m., 2 views

SUSE CVE-2025-68778

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

4.7 CVSS, 6.3 AI score, 0.0005 EPSS
Exploits 0, References 19
Tenable Nessus
added 2026/01/14 12:0 a.m., 2 views

MiracleLinux 3 : postfix-2.3.3-2.9AXS3 (AXSA:2008-88:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-88:01 advisory. Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, and TLS. CVE-2008-2936: Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and...

6.2 CVSS, 5.5 AI score, 0.00249 EPSS
Exploits 6, References 2
OSV
added 2026/01/13 4:15 p.m., 2 views

AZL-74348 CVE-2025-68778 affecting package kernel for versions less than 6.6.121.1-1

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

5.9 AI score, 0.0005 EPSS
Exploits 0, References 1
NVD
added 2026/01/13 4:15 p.m., 3 views

CVE-2025-68778

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

0.0005 EPSS
Exploits 0, References 5
OSV
added 2026/01/13 4:15 p.m., 0 views

UBUNTU-CVE-2025-68778

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

5.7 AI score, 0.0005 EPSS
Exploits 0, References 27
UbuntuCve
added 2026/01/13 4:15 p.m., 1 views

CVE-2025-68778

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

5.9 AI score, 0.0005 EPSS
Exploits 0, References 26
CVE
added 2026/01/13 3:28 p.m., 5 views

CVE-2025-68778

CVE-2025-68778 corresponds to a Linux kernel Btrfs logging/transaction bug where logging an inode location while moving a directory in the same transaction could cause an inconsistent log replay, potentially leading to a hard-link count issue and a failed mount. The provided advisories confirm th...

5.9 AI score, 0.0005 EPSS
Exploits 0, References 5
Cvelist
added 2026/01/13 3:28 p.m., 20 views

CVE-2025-68778 btrfs: don't log conflicting inode if it's a dir moved in the current transaction

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

0.0005 EPSS
Exploits 0, References 5
OSV
added 2026/01/13 3:28 p.m., 1 views

CVE-2025-68778 btrfs: don't log conflicting inode if it's a dir moved in the current transaction

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

6.2 AI score, 0.0005 EPSS
Exploits 0, References 8