USN-8359-1: NNCP vulnerability

It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: virtiopmem: Added the missing REQOPWRITE for flushing bio. When performing mkfs.xfs on a pmem device, the following warning was encountered: ------------ Cut here ------------ Warning: CPU: 2, PID: 384; at block/blk-core.c:751:...

Xcode MCP Server 命令注入漏洞

Xcode MCP Server is an Xcode-integrated context-based protocol server developed by R. Huijts. Version 1.0.0 of Xcode MCP Server contains a command injection vulnerability. This vulnerability arises from the Request operation in the buildproject/runtests function within the src/index.ts file, whic...

CVE-2023-54089

In the Linux kernel, the following vulnerability has been resolved: virtiopmem: add the missing REQOPWRITE for flush bio When doing mkfs.xfs on a pmem device, the following warning was ------------ cut here ------------ WARNING: CPU: 2 PID: 384 at block/blk-core.c:751 submitbionoacct Modules link...

CVE-2025-40171 nvmet-fc: move lsop put work to nvmet_fc_ls_req_op

In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: move lsop put work to nvmetfclsreqop It’s possible for more than one async command to be in flight from nvmetfcsendlsreq. For each command, a tgtport reference is taken. In the current code, only one put work item is...

EUVD-2025-22602

Malicious code in bioql PyPI...

PT-2025-46646

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel where multiple asynchronous commands can be in flight from the nvmet fc send ls req function, potentially leading to a leaked tgtport reference. The iss...

CVE-2025-38401

In the Linux kernel, the following vulnerability has been resolved: mtk-sd: Prevent memory corruption from DMA map failure If msdcpreparedata fails to map the DMA region, the request is not prepared for data receiving, but msdcstartdata proceeds the DMA with previous setting. Since this will lead...

Array Networks ArrayOS AG 安全漏洞

Array Networks ArrayOS AG is an SSL-VPN product from Array Networks that enables secure remote access regardless of user, device or location. It provides scalable and controlled remote and mobile access to corporate networks, enterprise applications and cloud services for any user, any device,...

backstage 路径遍历漏洞

backstage is a software application. Backstage is an open platform for building developer portals Backstage suffers from a path traversal vulnerability that stems from the ability to read sensitive files from an environment running Scaffolder Tasks. The attack is executed by crafting a custom...

CVE-2008-3700

Multiple cross-site scripting XSS vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the sessionid parameter in a livesupport startclientchat action to visitor/index.php; 2 the filter parameter in a news view action to...