vite-plugin-static-copy files not included in `src` are possible to access with a crafted request

Summary Files not included in src was possible to access with a crafted request. Impact Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Arbitrary files can be disclosed by exploiting this vulnerability. Details Consider the...

GHSA-PP7P-Q8FX-2968 vite-plugin-static-copy files not included in `src` are possible to access with a crafted request

Summary Files not included in src was possible to access with a crafted request. Impact Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Arbitrary files can be disclosed by exploiting this vulnerability. Details Consider the...

Directory Traversal

Overview vite-plugin-static-copy is a rollup-plugin-copy for vite with dev server support. Affected versions of this package are vulnerable to Directory Traversal via the viaLocal function. An attacker can access arbitrary files on the server by sending crafted HTTP requests that exploit path...

Security update for net-tools

This update for net-tools fixes the following issues: Provide more readable error for interface name size checking bsc1243581 Perform bound checks when parsing interface labels in /proc/net/dev bsc1243581, bsc1246608. CVE-2025-46836 Patch Instructions: To install this SUSE update use the SUSE...

PT-2025-34242 · Vite · Vite-Plugin-Static-Copy

Name of the Vulnerable Software and Affected Versions: vite-plugin-static-copy versions prior to 2.3.2 vite-plugin-static-copy versions prior to 3.1.2 Description: The vite-plugin-static-copy plugin for Vite allows access to files not included in the src directory through a crafted request. This...

@n8n/task-runner (>=1.37.0 <=1.42.3), n8n-node-dev (>=1.0.0 <=1.104.3) +10 more potentially affected by CVE-2025-57749 via n8n-core (>=1.0.0 <=1.105.3)

n8n-core NPM version =1.0.0, =1.37.0, =1.0.0, =0.1.0, =0.3.3, =0.3.1, =1.1.0, =0.1.4, =0.4.10, =0.2.0, =0.1.0, =0.4.28 Source cves: CVE-2025-57749 Source advisory: SNYK:JS-N8NCORE-12081401...

CLSA-2025-1755681073 Update of systemd

Fix deleting job when iSCSi used - /dev/lve is added into the list of private devices...

SUSE CVE-2025-38555

In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in compositedevcleanup 1. In func configfscompositebind - compositeosdescreqprepare: if kmalloc fails, the pointer cdev-osdescreq will be freed but not set to NULL. Then it will return a failure t...

SUSE CVE-2025-38589

In the Linux kernel, the following vulnerability has been resolved: neighbour: Fix null-ptr-deref in neighflushdev. kernel test robot reported null-ptr-deref in neighflushdev. 0 The cited commit introduced per-netdev neighbour list and converted neighflushdev to use it instead of the global hash...

CVE-2025-38589

In the Linux kernel, the following vulnerability has been resolved: neighbour: Fix null-ptr-deref in neighflushdev. kernel test robot reported null-ptr-deref in neighflushdev. 0 The cited commit introduced per-netdev neighbour list and converted neighflushdev to use it instead of the global hash...

CVE-2025-38555

In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in compositedevcleanup 1. In func configfscompositebind - compositeosdescreqprepare: if kmalloc fails, the pointer cdev-osdescreq will be freed but not set to NULL. Then it will return a failure t...

CVE-2025-38592 Bluetooth: hci_devcd_dump: fix out-of-bounds via dev_coredumpv

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcidevcddump: fix out-of-bounds via devcoredumpv Currently both devcoredumpv and skbputdata in hcidevcddump use hdev-dump.head. However, devcoredumpv can free the buffer. From devcoredumpmtimeout documentation, which i...

CVE-2025-38589

In the Linux kernel, the following vulnerability has been resolved: neighbour: Fix null-ptr-deref in neighflushdev. kernel test robot reported null-ptr-deref in neighflushdev. 0 The cited commit introduced per-netdev neighbour list and converted neighflushdev to use it instead of the global hash...

CVE-2025-38589

The Connected documents confirm CVE-2025-38589 relates to a null-ptr-deref in neigh_flush_dev() within the Linux kernel, fixed by reverting to hash-table iteration in neigh_table_clear() after introducing per-netdev neighbour lists. The issue was triggered by neigh_table_clear() calling neigh_ifd...

CVE-2025-38589 neighbour: Fix null-ptr-deref in neigh_flush_dev().

In the Linux kernel, the following vulnerability has been resolved: neighbour: Fix null-ptr-deref in neighflushdev. kernel test robot reported null-ptr-deref in neighflushdev. 0 The cited commit introduced per-netdev neighbour list and converted neighflushdev to use it instead of the global hash...

CVE-2025-38555

The CVE CVE-2025-38555 is a use-after-free in Linux kernel USB gadget driver during composite_dev_cleanup, arising when configfs_composite_bind() frees cdev-&gt;os_desc_req on kmalloc failure but doesn’t NULL it, leading to a subsequent use of non-NULL pointer. The issue affects the usb gadget’s ...

CVE-2025-38555

In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in compositedevcleanup 1. In func configfscompositebind - compositeosdescreqprepare: if kmalloc fails, the pointer cdev-osdescreq will be freed but not set to NULL. Then it will return a failure t...

PT-2025-33787

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-rc6-01246-gf7f52738637f Description: A null-pointer dereference issue was identified in the neigh flush dev function within the Linux kernel. This occurred due to a missing check when using the per-netdev...

Linux Distros Unpatched Vulnerability : CVE-2025-8264

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inje...

Linux Distros Unpatched Vulnerability : CVE-2022-1222

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. CVE-2022-1222 Note that Nessus relies on the presence of the package as reported by the vendor...