Lucene search

12 matches found

ATTACKERKB
added 2026/04/03 10:48 p.m. | 2 views

CVE-2026-34935

PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split and forwarded through the call chain to anyio.open_process with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command...

9.8 CVSS | 6.1 AI score | 0.00054 EPSS
Exploits 1 | References 3 | Affected Software 1
Github Security Blog
added 2026/02/12 3:29 p.m. | 16 views

FrankenPHP's unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FrankenPHP

Summary FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the original path. Because strings.ToLower in Go can increase the...

9.8 CVSS | 6.2 AI score | 0.00029 EPSS
Exploits 1 | References 5 | Affected Software 1
NVD
added 2025/12/24 1:16 p.m. | 2 views

CVE-2023-54121

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect splitting in btrfs_drop_extent_map_range In production we were seeing a variety of WARN_ON's in the extent_map code, specifically in btrfs_drop_extent_map_range when we have to call add_extent_mapping for our second spli...

0.00028 EPSS
Exploits 0 | References 3
CVE
added 2025/12/24 1:6 p.m. | 8 views

CVE-2023-54121

CVE-2023-54121 concerns the Linux kernel and specifically the btrfs extent map handling. The issue arises in btrfs_drop_extent_map_range when skip_pinned is true; the code incorrectly updates length and start while skipping a pinned extent, causing the computed end (len) to be too large and later...

6.3 AI score | 0.00028 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2025/12/24 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-54121

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: fix incorrect splitting in btrfs_drop_extent_map_range In production we were seeing a variety of WARN_ON's in the extent_map code, specifically in...

5.9 AI score | 0.00028 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2025/08/14 12:0 a.m. | 2 views

RHEL 8 : kernel (RHSA-2025:13805)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:13805 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ext4: fix off-by-one error in...

5.5 CVSS | 6.8 AI score | 0.00111 EPSS
Exploits 0 | References 9
RedHat Linux
added 2025/08/13 2:49 a.m. | 1 views

kernel: ext4: fix off-by-one error in do_split

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by out-of-bounds access due to incorrect splitting in do_split. BUG: KASAN: use-after-free in...

5.5 CVSS | 6.5 AI score | 0.00063 EPSS
Exploits 0 | References 5
RedHat Linux
added 2025/08/04 3:19 p.m. | 3 views

kernel: ext4: fix off-by-one error in do_split

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by out-of-bounds access due to incorrect splitting in do_split. BUG: KASAN: use-after-free in...

5.5 CVSS | 6.5 AI score | 0.00063 EPSS
Exploits 0 | References 5
RedHat Linux
added 2025/07/23 12:28 a.m. | 6 views

kernel: ext4: fix off-by-one error in do_split

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by out-of-bounds access due to incorrect splitting in do_split. BUG: KASAN: use-after-free in...

5.5 CVSS | 6.5 AI score | 0.00063 EPSS
Exploits 0 | References 5
OSV
added 2025/05/01 1:15 p.m. | 1 views

UBUNTU-CVE-2025-23150

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by out-of-bounds access due to incorrect splitting in do_split. BUG: KASAN: use-after-free in...

5.5 CVSS | 6.2 AI score | 0.00063 EPSS
Exploits 0 | References 41
SUSE CVE
added 2024/08/18 2:2 a.m. | 1 views

SUSE CVE-2024-42305

In the Linux kernel, the following vulnerability has been resolved: ext4: check dot and dotdot of dx_root before making dir indexed Syzbot reports a issue as follows: ============================================ BUG: unable to handle page fault for address: ffffed11022e24fe PGD 23ffee067 P4D...

5.5 CVSS | 6.3 AI score | 0.0002 EPSS
Exploits 0 | References 17
OSV
added 2024/03/15 9:15 p.m. | 2 views

UBUNTU-CVE-2021-47117

In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed We got follow bug_on when run fsstress with injecting IO fault: 130747.323114 kernel BUG at fs/ext4/extents_status.c:762! 130747.323117 Internal error: Oops - BUG: 0...

5.5 CVSS | 6.2 AI score | 0.00012 EPSS
Exploits 0 | References 11