CVE-2025-68811

This CVE-2025-68811 concerns the Linux kernel svcrdma path. The root cause is in svc_rdma_copy_inline_range where rc_curpage (page index) was used in the page base instead of the byte offset rc_pageoff, causing memcpy operations to land incorrectly within a page. The advisory/entries in Red Hat, ...

CVE-2025-68811 svcrdma: use rc_pageoff for memcpy byte offset

In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rcpageoff for memcpy byte offset svcrdmacopyinlinerange added rccurpage page index to the page base instead of the byte offset rcpageoff. Use rcpageoff so copies land within the current page. Found by ZeroPath...

CVE-2025-68778

CVE-2025-68778 corresponds to a Linux kernel Btrfs logging/transaction bug where logging an inode location while moving a directory in the same transaction could cause an inconsistent log replay, potentially leading to a hard-link count issue and a failed mount. The provided advisories confirm th...

CVE-2025-68778 btrfs: don't log conflicting inode if it's a dir moved in the current transaction

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

CVE-2025-68778

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

CVE-2025-68778 btrfs: don't log conflicting inode if it's a dir moved in the current transaction

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: riscv: stacktrace: Disable KASAN checks for non-current tasks Unwinding the stack of a task other than current, KASAN would report "BUG: KASAN: out-of-bounds in walkstackframe+0x41c/0x460" There is a same issue on x86 and has bee...

PT-2026-2768

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is...

CVE-2023-50724

Resque pronounced like "rescue" is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 are vulnerable to reflected XSS through the currentqueue parameter in the path of the queues endpoin...

Salvo is vulnerable to reflected XSS in the list_html function

Summary The function listhtml generates an file view of a folder which includes a render of the current path, in which its inserted in the HTML without proper sanitation, leading to reflected XSS. The request path is decoded and normalized in the matching stage but is not inserted raw in the HTML...

GHSA-RJF8-2WCW-F6MP Salvo is vulnerable to reflected XSS in the list_html function

Summary The function listhtml generates an file view of a folder which includes a render of the current path, in which its inserted in the HTML without proper sanitation, leading to reflected XSS. The request path is decoded and normalized in the matching stage but is not inserted raw in the HTML...

CVE-2026-22256 Salvo is vulnerable to reflected XSS in the list_html function

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generate an file view of a folder which include a render of the current path, in which its inserted in the HTML without proper sanitation, this leads to reflected XSS using the fact that request path is decoded...

Large Language Models for Detecting Cyberattacks on Smart Grid Protective Relays

This paper presents a large language model LLM-based framework for detecting cyberattacks on transformer current differential relays TCDRs, which, if undetected, may trigger false tripping of critical transformers. The proposed approach adapts and fine-tunes compact LLMs such as DistilBERT to...

Slackware Linux 15.0 / current curl Multiple Vulnerabilities (SSA:2026-007-01)

The version of curl installed on the remote host is prior to 8.17.0 / 8.18.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-007-01 advisory. New curl packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...

Slackware: Security Advisory (SSA:2026-006-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] libsodium

New libsodium packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libsodium-1.0.18-i586-4slack15.0.txz: Rebuilt. This update fixes a security issue: Insufficient validation in...

CVE-2025-11235

Progress MOVEit Transfer on Windows REST API modules is affected by an unverified password change vulnerability. Affected versions include MOVEit Transfer 2022.0.0–2022.0.10, 2022.1.0–2022.1.11, 2023.0.0–2023.0.8, and 2023.1.0–2023.1.3. The issue is documented across multiple sources (including R...

current-impact (=1.0.0), nmea-streamer (>=1.0.1 <=2.2.0) potentially affected by CVE-2025-69203 via signalk-server (=1.46.3)

signalk-server NPM version =1.46.3 is affected by a known vulnerability. The following packages have a transitive dependency on signalk-server and may be impacted: - current-impact =1.0.0 - nmea-streamer =1.0.1, =2.2.0 Source cves: CVE-2025-69203 Source advisory: OSV:GHSA-VFRF-VCJ7-WVR8...

current-impact (=1.0.0), nmea-streamer (>=1.0.1 <=2.2.0) potentially affected by CVE-2025-68619 via signalk-server (=1.46.3)

signalk-server NPM version =1.46.3 is affected by a known vulnerability. The following packages have a transitive dependency on signalk-server and may be impacted: - current-impact =1.0.0 - nmea-streamer =1.0.1, =2.2.0 Source cves: CVE-2025-68619 Source advisory: OSV:GHSA-93JC-VQQC-VVVH...

current-impact (=1.0.0), nmea-streamer (>=1.0.1 <=2.2.0) potentially affected by CVE-2025-68273 via signalk-server (=1.46.3)

signalk-server NPM version =1.46.3 is affected by a known vulnerability. The following packages have a transitive dependency on signalk-server and may be impacted: - current-impact =1.0.0 - nmea-streamer =1.0.1, =2.2.0 Source cves: CVE-2025-68273 Source advisory: OSV:GHSA-FPF5-W967-RR2M...