CVE-2025-67124

A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...

UBUNTU-CVE-2025-38180

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against devlec changes. It appears it had devput calls without prior devhold, leading to imbalance and UAF...

GHSA-RRHW-54R8-545Q Path Traversal in FileGator

Path Traversal in FileGator prior to 7.8.0 for non-admin users. Files created with ..\ as part of their name will be interpreted as a path. Users are thus able to add filesystem entries outside the scope of their user to their dashboard and subsequently are able to modify those files...

Path Traversal in FileGator

Path Traversal in FileGator prior to 7.8.0 for non-admin users. Files created with ..\ as part of their name will be interpreted as a path. Users are thus able to add filesystem entries outside the scope of their user to their dashboard and subsequently are able to modify those files...