2515 matches found

CVE
added 2025/03/20 10:10 a.m. · 83 views

CVE-2024-8551

CVE-2024-8551 : A path traversal vulnerability affects modelscope/agentscope in the save-workflow and load-workflow functionality, present in versions prior to the fix. An attacker can read and write arbitrary JSON files on the filesystem, potentially exposing or modifying sensitive data (config ...

9.1 CVSS · 9 AI score · 0.0091 EPSS
Exploits 1 · References 1 · Affected Software 1

Vulnrichment
added 2025/03/20 10:9 a.m. · 3 views

CVE-2024-7760 CSRF in aimhubio/aim

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...

7.4 CVSS · 8.1 AI score · 0.00474 EPSS
Exploits 1 · References 1

CVE
added 2025/03/20 10:9 a.m. · 42 views

CVE-2024-7760

CVE-2024-7760 affects aimhubio/aim (v3.22.0) where the tracking server is vulnerable to Cross‑Site Request Forgery (CSRF) due to overly permissive CORS settings that allow cross-origin requests from all origins. This vulnerability enables CSRF on all endpoints of the tracking server and can be ch...

9.6 CVSS · 8.1 AI score · 0.00474 EPSS
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2025/03/20 12:0 a.m. · 4 views

PT-2025-12225 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 1.2.2 Description: A vulnerability in the normalizePath function allows for path traversal, leading to arbitrary file read and write in the storage directory. This can result in privilege escalatio...

7.2 CVSS · 7.1 AI score · 0.00826 EPSS
Exploits 1 · References 6

Positive Technologies
added 2025/03/19 12:0 a.m. · 3 views

PT-2025-20531

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue concerns the Linux kernel's handling of read/write replies in the 9p/net module. Specifically, in p9_client_write and p9_client_read_once, if a server incorrectly replies with ...

7.1 CVSS · 6.8 AI score · 0.00231 EPSS
Exploits 0

Positive Technologies
added 2025/03/14 12:0 a.m. · 4 views

PT-2025-19322

Name of the Vulnerable Software and Affected Versions: Synology Router Manager (SRM) (affected versions not specified), FileStation (affected versions not specified) Description: A security issue exists in Synology Router Manager (SRM) related to insufficient protection of service data. Remote attackers may...

5.5 CVSS · 6.2 AI score · 0.00346 EPSS
Exploits 0 · References 8

Microsoft CVE
added 2025/03/13 7:0 a.m. · 3 views

ceph: fix memory leak in ceph_direct_read_write()

...

5.5 CVSS · 7.4 AI score · 0.00244 EPSS
Exploits 0

Microsoft CVE
added 2025/03/13 7:0 a.m. · 5 views

btrfs: don't take dev_replace rwsem on task already holding it

...

5.5 CVSS · 7.4 AI score · 0.00143 EPSS
Exploits 0

OSV
added 2025/03/11 10:15 a.m. · 4 views

CVE-2025-27395

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. This could allow an authenticated highly-privileged remote attacker to read and...

6.5 CVSS · 5.8 AI score · 0.00609 EPSS
Exploits 0 · References 1

CVE
added 2025/03/11 9:48 a.m. · 62 views

CVE-2025-27397

Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2) is affected by CVE-2025-27397. All versions below V4.0 fail to properly restrict user-controlled log paths, enabling an authenticated, highly-privileged attacker to read and write arbitrary files if the path ends with 'log'. Connected sources confirm ...

5.1 CVSS · 7 AI score · 0.00375 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2025/03/07 5:15 p.m. · 2 views

CVE-2024-48864

A files or directories accessible to external parties vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers to read/write files or directories. We have already fixed the vulnerability in the following versions: File Station 5...

9.1 CVSS · 5.8 AI score · 0.00453 EPSS
Exploits 0 · References 1

NVD
added 2025/03/07 5:15 p.m. · 7 views

CVE-2024-48864

A files or directories accessible to external parties vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers to read/write files or directories. We have already fixed the vulnerability in the following versions: File Station 5...

9.1 CVSS · 0.00453 EPSS
Exploits 0 · References 1

Cvelist
added 2025/03/07 4:12 p.m. · 10 views

CVE-2024-48864 File Station 5

A files or directories accessible to external parties vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers to read/write files or directories. We have already fixed the vulnerability in the following versions: File Station 5...

5.3 CVSS · 0.00453 EPSS
Exploits 0 · References 1

CNNVD
added 2025/03/07 12:0 a.m. · 3 views

QNAP Systems File Station Security Vulnerability

QNAP Systems File Station is a file management tool for QTS from China's Weilian Technology QNAP Systems. The application provides access to NAS files via a web page. A security vulnerability exists in QNAP Systems File Station 5 versions prior to 5.5.6.4741, which stems from a file or directory...

9.1 CVSS · 6.7 AI score · 0.00453 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2025/03/05 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2024-11403

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encod...

9.8 CVSS · 6.9 AI score · 0.0063 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2025/03/03 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2011-4127

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Linux kernel before 3.2.2 does not properly restrict SGIO ioctl calls, which allows local users to bypass intended restrictions on disk read and write...

4.6 CVSS · 5.8 AI score · 0.00566 EPSS
Exploits 2 · References 2

GithubExploit
added 2025/03/01 11:7 p.m. · 697 views

Exploit for Integer Overflow or Wraparound in Apple Ipados

Trigon Trigon is a deterministic kernel exploit based on CVE-...

7.8 CVSS · 8.2 AI score · 0.51517 EPSS
Exploits 3

SUSE CVE
added 2025/02/27 3:10 a.m. · 1 views

SUSE CVE-2022-49194

In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Use stronger register read/writes to assure ordering GCC12 appears to be much smarter about its dependency tracking and is aware that the relaxed variants are just normal loads and stores and this is causing proble...

5.5 CVSS · 6.4 AI score · 0.0024 EPSS
Exploits 0 · References 7

OSV
added 2025/02/26 7:1 a.m. · 1 views

DEBIAN-CVE-2022-49272

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock syzbot caught a potential deadlock between the PCM runtime->buffer_mutex and the mm->mmap_lock. It was brought by the recent fix to cover the racy read/write and other...

5.5 CVSS · 5.4 AI score · 0.00189 EPSS
Exploits 0 · References 1

OSV
added 2025/02/26 7:0 a.m. · 2 views

DEBIAN-CVE-2022-49214

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Don't use DSISR for SLB faults Since commit 46ddcb3950a2 "powerpc/mm: Show if a bad page fault on data is read or write." we use pagefaultiswriteregs-dsisr in badpagefault to determine if the fault is for a read or...

5.5 CVSS · 5.3 AI score · 0.00246 EPSS
Exploits 0 · References 1