Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the possibility of overflowing the length of shared memory lists, potentially leading to an unexpected...

PT-2026-39060

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A reference leak exists in the amdgpu userq wait ioctl function. The issue occurs when the ioctl is aborted because the output array is too small, failing to drop references to the synco...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper acquisition and release of the GEM object’s reserved lock before and after cleanup...

CVE-2025-69690

Netgate pfSense Community Edition 2.7.2 and 2.8.0 are affected by two authenticated RCE paths. First, unsafe deserialization in the module installer/backups allows a crafted backup XML containing a serialized PHP object with the post_reboot_commands property to execute commands with root privileg...

PT-2026-39243

Name of the Vulnerable Software and Affected Versions Gitsign versions prior to 0.16.0 Description gitsign verify and gitsign verify-tag re-encode commit or tag objects using the EncodeWithoutSignature function from the go-git library before checking the signature, rather than verifying the raw g...

i18next-http-middleware 路径遍历漏洞

i18next-http-middleware is an open-source HTTP internationalization middleware for Node.js and Deno by i18next. Versions of i18next-http-middleware prior to 3.9.3 had a path traversal vulnerability. This vulnerability stemmed from unvalidated entry points in the getResourcesHandler and...

PT-2026-39221

Name of the Vulnerable Software and Affected Versions AnythingLLM versions prior to 1.12.1 Description An insecure direct object reference IDOR exists in the text-to-speech endpoint. The endpoint "/api/workspace/:slug/tts/:chatId" validates workspace membership but fails to enforce ownership of t...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper acquisition and release of the reserved lock on the GEM object before and after the amadvi...

CVE-2025-69690

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the postrebootcommands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execut...

PT-2026-38793

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows...

PT-2026-39029

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/i915 component where the length attribute of a scatterlist may overflow when a scatterlists table of a GEM shmem object of 4 GB or more is populated with pages...

PT-2026-39160

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

PT-2026-39191

Name of the Vulnerable Software and Affected Versions VM2 affected versions not specified Description A sandbox breakout allows attackers to execute arbitrary commands on the host system. The issue occurs because the neutralizeArraySpeciesBatch function interacts with objects from an external...

CVE-2025-69690

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the postrebootcommands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execut...

CVE-2025-69690

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the postrebootcommands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execut...

PT-2026-38672

Name of the Vulnerable Software and Affected Versions Netgate pfSense CE version 2.7.2 Description Netgate pfSense CE allows code execution through the module installer. This occurs when a backup file containing a serialized PHP object with the post reboot commands property is used. Recommendatio...

Unstructured Data Backup from Google Cloud Storage fails with a Bad Request error

Challenge An Unstructured Data Backup of data from Google Cloud Storage added to Veeam Backup & Replication as an S3-Compatible Object Storage data source fails with the following error: Failed to perform object backup Error: Agent: Failed to process method NasMaster.ExecuteBackupProcessor: Faile...

Axios 安全漏洞

Axios is an open-source HTTP client developed by Axios. Versions of Axios from 1.0.0 to 1.15.2 contained security vulnerabilities. These vulnerabilities stemmed from five configuration properties in the HTTP adapter being accessed directly through property access without the protection of...

Cross-site Scripting (XSS)

Overview netbox-data-flows is a NetBox plugin to document data flows between systems and applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ObjectAlias.name field rendered in DataFlow tables. An attacker can execute arbitrary JavaScript in the brows...

netbox-data-flows has stored XSS in ObjectAlias names rendered inside DataFlow tables

Summary An authenticated user who can create or edit ObjectAlias objects can store arbitrary HTML/JavaScript in an alias name. That payload is later rendered unescaped in DataFlow table views, causing a stored XSS when another user views the affected page. Details The issue is caused by unsafe HT...