Alerts This Week
Warning Icon 1 905
Alerts This Week
Warning Icon 1 905

Stay Ahead With Linux Security News

Fedora Hero Esm H350
Security Trends Price Tag%201fedora security assessment

A Fedora contributor account recently came under scrutiny for apparently AI-generated activity that disrupted the project's bug tracker. . Questionable Bugzilla comments, flawed patches, and improperly closed or reassigned bugs forced maintainers to spend time cleaning up the fallout. There is no evidence that malware was deployed or a backdoor reached production, but the incident exposed a different problem. Open-source projects can be disrupted without compromising a single line of code....
1 min read Security Trends
Langlow Hero Esm H350
Security Vulnerabilities Price Tag%201security advisory critical

Attackers are actively exploiting a high-severity vulnerability in Langflow , an open-source platform used to build and run AI workflows. . The flaw turns a file upload into a filesystem write, allowing a user-controlled file to escape the application's intended upload directory and land in locations Langflow was never supposed to touch. The vulnerable upload endpoint permits path traversal through crafted filenames. From there, the impact depends heavily on how the platform is deployed. A...
3 - 6 min read Security Vulnerabilities
Npm V12 Hero Esm H350
Vendors/ProductsPrice Tag%201security advisory linux

With npm v12 , dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change expected to arrive in July 2026. . The announcement targets a part of the software supply chain that has repeatedly appeared in package registry abuse, credential theft, and CI/CD compromise investigations. A single npm install could trigger code...
4 - 8 min read Vendors/Products
V8 Zero Day Chrome Esm H350
Security Vulnerabilities Price Tag%201security advisory zero-day

CISA added CVE-2026-11645 to its Known Exploited Vulnerabilities catalog after Google confirmed active exploitation of the flaw. The bug sits in V8, the JavaScript engine behind Chrome and Chromium. . That's where this gets more interesting. Most coverage will focus on Chrome because that's where the patch landed. But the affected component is V8. Chromium relies on it. Electron relies on it. Plenty of desktop software Linux users interact with every day relies on it too, often without much...
4 - 7 min read Security Vulnerabilities
4.Lock AbstractDigital Esm H350
Network SecurityPrice Tag%201security advisory networking

For years, IPv4 was the only proxy type that really mattered for anyone running automation off a Linux box. IPv6 was the protocol everyone said they’d migrate to, but almost nobody actually did. In 2026, that’s finally starting to shift. . The problem is that most admins stick with IPv4 out of habit. They know it; it’s what their tooling defaults to, and they don’t see a reason to change. Some are overpaying for addresses they don’t need. Others would quietly break their scrapers, scripts, or...
5 - 9 min read Network Security
Filter%20icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":555,"type":"x","order":1,"pct":78.72,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.26,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.82,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.2,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found -1 articles for you...
78
General Esm H240
Price Tag%201security advisorycriticalfile upload

WordPress 3.3.2 Critical Update: File Upload Risks Mitigated

The developers of the popular open source blog engine WordPress have released a security update for the software. WordPress 3.3.2 fixes unspecified bugs in three external file upload libraries used in the software and other security problems with the application. . The bugs affect both WordPress's current file uploading library Plupload as well as the SWFUpload and SWFObject libraries; these were bundled with older versions of the application and might still be in use by certain plugins on the current versions of WordPress. The link for this article located at H Security is no longer available. . WordPress resolves file upload safety concerns with a patch addressing flaws in third-party libraries.. WordPress Security, File Upload Issues, Application Patch. . LinuxSecurity.com Team

Calendar%202 Apr 23, 2012 User Avatar LinuxSecurity.com Team Vendors/Products
77
General Esm H240
Price Tag%201security toolwebdavfile upload

Using DAVTest to Effectively Test and Analyze WebDAV Servers

When facing off against a WebDAV enabled server, there are two things to find out quickly: can you upload files, and if so, can you execute code?. DAVTest attempts help answer those questions, as well as enable the pentester to quickly gain access to the host. DAVTest tries to upload test files of various extension types (e.g., The link for this article located at Darknet is no longer available. . WebScan assists security professionals in identifying file upload vulnerabilities and remote command execution in WebDAV servers efficiently.. WebDAV Testing Tool, DAVTest Guide, Penetration Testing Software. . LinuxSecurity.com Team

Calendar%202 Apr 30, 2010 User Avatar LinuxSecurity.com Team Server Security
Banner 4 1028x280 1708121825 1771600306
77
General Esm H240
Price Tag%201security advisoryXSSmoderate severity

Joomla 1.5.13 Moderate XSS And Severe File Upload Risks Advisory

The Joomla developers have announced the release of version 1.5.13 of their content management system (CMS). The security update addresses a critical vulnerability in the Tiny browser included with the TinyMCE 3.0 editor that could allow files to be uploaded or removed without a user needing to be logged in. Version 1.5.12 is affected. Additional details, however, have not been provided.. A moderate cross site scripting (XSS) issue has also been fixed that could cause some files to miss the JEXEC check, causing scripts to expose internal path information to the host. All 1.5.x versions up to and including 1.5.12 are affected. The 1.5.13 update addresses both of the issues. The link for this article located at H Security is no longer available. . Joomla 1.5.13 resolves significant file-related problems and XSS vulnerabilities, bolstering its security capabilities.. Joomla Security, XSS Risk Management, File Upload Protection. . LinuxSecurity.com Team

Calendar%202 Jul 23, 2009 User Avatar LinuxSecurity.com Team Server Security
77
General Esm H240
Price Tag%201security advisorycriticalremote

PHP 4.0.1-4.1.1 Critical Advisory: Remote Code Execution Risks

Multiple critical remote vulnerabilities exist in several versions of PHP. We found several flaws in the way PHP handles multipart/form-data POST requests. Each of the flaws could allow an attacker to execute arbitrary code on the victim's system.. . .. Multiple critical remote vulnerabilities exist in several versions of PHP. We found several flaws in the way PHP handles multipart/form-data POST requests. Each of the flaws could allow an attacker to execute arbitrary code on the victim's system. e-matters GmbH www.e-matters.de -= Security Advisory =- Advisory: Multiple Remote Vulnerabilites within PHP's fileupload code Release Date: 2002/02/27 Last Modified: 2002/02/27 Author: Stefan Esser [This email address is being protected from spambots. You need JavaScript enabled to view it.] Application: PHP v3.10-v3.18, v4.0.1-v4.1.1 Severity: Several vulnerabilities in PHP's fileupload code allow remote compromise Risk: Critical Vendor Status: Patches Released Reference: Overview: We found several flaws in the way PHP handles multipart/form-data POST requests. Each of the flaws could allow an attacker to execute arbitrary code on the victim's system. Details: PHP supports multipart/form-data POST requests (as described in RFC1867) known as POST fileuploads. Unfourtunately there are several flaws in the php_mime_split function that could be used by an attacker to execute arbitrary code. During our research we found out that not only PHP4 but also older versions from the PHP3 tree are vulnerable. The following is a list of bugs we found: PHP 3.10-3.18 - broken boundary check (hard to exploit) - arbitrary heap overflow (easy exploitable) PHP 4.0.1-4.0.3pl1 - broken boundary check (hard to exploit) - heap off by one (easy exploitable) PHP 4.0.2-4.0.5 - 2 broken boundary checks (one very easy and one hard toexploit) PHP 4.0.6-4.0.7RC2 - broken boundary check (very easy to exploit) PHP 4.0.7RC3-4.1.1 - broken boundary check (hard to exploit) Finally I want to mention that most of these vulnerabilities are exploitable only on linux or solaris. But the heap off by one is only exploitable on x86 architecture and the arbitrary heap overflow in PHP3 is exploitable on most OS and architectures. (This includes *BSD) Users running PHP 4.2.0-dev from cvs are not vulnerable to any of the described bugs because the fileupload code was completly rewritten for the 4.2.0 branch. Proof of Concept: e-matters is not going to release exploits for any of the discovered vulnerabilities to the public. Vendor Response: Because I am part of the php developer team there is not much I can write here... 27th February 2002 - An updated version of php and the patch for these vulnerabilities are now available at: PHP: Downloads Recommendation: If you are running PHP 4.0.3 or above one way to workaround these bugs is to disable the fileupload support within your php.ini (file_uploads = Off) If you are running php as module keep in mind to restart the webserver. Anyway you should better install the fixed or a properly patched version to be safe. Sidenotice: This advisory is so short because I don't want to give out more info than is needed. Users running the developer version of php (4.2.0-dev) are not vulnerable to these bugs because the fileupload support was completly rewritten for that branch. GPG-Key: pub 1024D/75E7AAD6 2002-02-26 e-matters GmbH - Securityteam Key fingerprint = 43DD 843C FAB9 832A E5AB CAEB 81F2 8110 75E7 AAD6 Copyright 2002 Stefan Esser. All rights reserved. . Numerous severe remote security issues have been identified in PHP, impacting various iterations. Major weaknesses enableunauthorized code execution.. PHP Exploits, Remote Security Issues, File Upload Vulnerabilities, Critical PHP Flaws. . LinuxSecurity.com Team

Calendar%202 Feb 27, 2002 User Avatar LinuxSecurity.com Team Server Security
Banner 4 1028x280 1708121825 1771600306
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":555,"type":"x","order":1,"pct":78.72,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.26,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.82,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.2,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here