Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database): under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

RSS feeds and newsletters provide daily notification of the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-6211

Publication date:
10/07/2025
A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolved in version 0.3.1.
Severity CVSS v4.0: Pending analysis
Last modification:
30/07/2025

CVE-2025-5037

Publication date:
10/07/2025
A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2025

CVE-2025-5040

Publication date:
10/07/2025
A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2025

CVE-2025-32990

Publication date:
10/07/2025
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2026

CVE-2024-7650

Publication date:
10/07/2025
Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Directory Services allows Remote Code Inclusion. The vulnerability could allow access to the system via script injection. This issue affects Directory Services: 23.4.
Severity CVSS v4.0: MEDIUM
Last modification:
15/04/2026

CVE-2025-4972

Publication date:
10/07/2025
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality.
Severity CVSS v4.0: Pending analysis
Last modification:
25/07/2025

CVE-2025-6168

Publication date:
10/07/2025
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests.
Severity CVSS v4.0: Pending analysis
Last modification:
25/07/2025

CVE-2025-6948

Publication date:
10/07/2025
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content.
Severity CVSS v4.0: Pending analysis
Last modification:
25/07/2025

CVE-2025-5022

Publication date:
10/07/2025
Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the product (measurement unit and display unit) to derive the password from the SSID. In addition, if the product is configured to enable the individual air conditioner control function, an attacker who has access to the Wi-Fi communication between the units by exploiting this vulnerability may be able to execute ECHONET Lite commands to perform operations such as turning the air conditioner on or off and changing the set temperature. The individual air conditioner control function is available only in display unit version 02.00.01 or later and measurement unit version 02.03.01 or later. The affected products were discontinued in 2015, and support ended in 2020.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2025-5023

Publication date:
10/07/2025
Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the product (measurement unit and display unit) to disclose information such as generated power and electricity sold back to the grid stored in the product, tamper with or destroy stored or configured information in the product, or cause a Denial-of-Service (DoS) condition on the product, by using hardcoded user ID and password common to the product series obtained by exploiting CVE-2025-5022. The affected products were discontinued in 2015, and support ended in 2020.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2025-3396

Publication date:
10/07/2025
An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests.
Severity CVSS v4.0: Pending analysis
Last modification:
25/07/2025

CVE-2025-38347

Publication date:
10/07/2025
In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to do sanity check on ino and xnid

syzbot reported a f2fs bug as below:

INFO: task syz-executor140:5308 blocked for more than 143 seconds.
Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor140 state:D stack:24016 pid:5308 tgid:5308 ppid:5306 task_flags:0x400140 flags:0x00000006
Call Trace:
context_switch kernel/sched/core.c:5378 [inline]
__schedule+0x190e/0x4c90 kernel/sched/core.c:6765
__schedule_loop kernel/sched/core.c:6842 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6857
io_schedule+0x8d/0x110 kernel/sched/core.c:7690
folio_wait_bit_common+0x839/0xee0 mm/filemap.c:1317
__folio_lock mm/filemap.c:1664 [inline]
folio_lock include/linux/pagemap.h:1163 [inline]
__filemap_get_folio+0x147/0xb40 mm/filemap.c:1917
pagecache_get_page+0x2c/0x130 mm/folio-compat.c:87
find_get_page_flags include/linux/pagemap.h:842 [inline]
f2fs_grab_cache_page+0x2b/0x320 fs/f2fs/f2fs.h:2776
__get_node_page+0x131/0x11b0 fs/f2fs/node.c:1463
read_xattr_block+0xfb/0x190 fs/f2fs/xattr.c:306
lookup_all_xattrs fs/f2fs/xattr.c:355 [inline]
f2fs_getxattr+0x676/0xf70 fs/f2fs/xattr.c:533
__f2fs_get_acl+0x52/0x870 fs/f2fs/acl.c:179
f2fs_acl_create fs/f2fs/acl.c:375 [inline]
f2fs_init_acl+0xd7/0x9b0 fs/f2fs/acl.c:418
f2fs_init_inode_metadata+0xa0f/0x1050 fs/f2fs/dir.c:539
f2fs_add_inline_entry+0x448/0x860 fs/f2fs/inline.c:666
f2fs_add_dentry+0xba/0x1e0 fs/f2fs/dir.c:765
f2fs_do_add_link+0x28c/0x3a0 fs/f2fs/dir.c:808
f2fs_add_link fs/f2fs/f2fs.h:3616 [inline]
f2fs_mknod+0x2e8/0x5b0 fs/f2fs/namei.c:766
vfs_mknod+0x36d/0x3b0 fs/namei.c:4191
unix_bind_bsd net/unix/af_unix.c:1286 [inline]
unix_bind+0x563/0xe30 net/unix/af_unix.c:1379
__sys_bind_socket net/socket.c:1817 [inline]
__sys_bind+0x1e4/0x290 net/socket.c:1848
__do_sys_bind net/socket.c:1853 [inline]
__se_sys_bind net/socket.c:1851 [inline]
__x64_sys_bind+0x7a/0x90 net/socket.c:1851
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Let's dump and check metadata of corrupted inode, it shows its xattr_nid
is the same to its i_ino.

dump.f2fs -i 3 chaseyu.img.raw
i_xattr_nid [0x 3 : 3]

So that, during mknod in the corrupted directory, it tries to get and
lock inode page twice, result in deadlock.

- f2fs_mknod
- f2fs_add_inline_entry
- f2fs_get_inode_page --- lock dir's inode page
- f2fs_init_acl
- f2fs_acl_create(dir,..)
- __f2fs_get_acl
- f2fs_getxattr
- lookup_all_xattrs
- __get_node_page --- try to lock dir's inode page

In order to fix this, let's add sanity check on ino and xnid.
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2025