
20817 matches found

IBM Security Bulletins
added 2026/02/27 3:34 a.m. | 10 views

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (February 2026)

Summary: Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details: CVEID: CVE-2025-69277. DESCRIPTION: libsodium before ad3004e, in atypical use cases...

CVSS 8.9 | AI score 6 | EPSS 0.00533
Exploits 3 | Affected Software 1

SUSE CVE
added 2026/02/27 12:24 a.m. | 2 views

SUSE CVE-2026-27699

The basic-ftp FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences (../) that cause files to be written outside the...

CVSS 9.8 | AI score 5.7 | EPSS 0.00528
Exploits 2 | References 3

SUSE CVE
added 2026/02/27 12:24 a.m. | 4 views

SUSE CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

CVSS 7.3 | AI score 6.3 | EPSS 0.0036
Exploits 2 | References 7

Snyk
added 2026/02/27 12:14 a.m. | 5 views

Directory Traversal

Overview: com.github.junrar:junrar is a RAR decompression library in plain Java. Affected versions of this package are vulnerable to Directory Traversal via the LocalFolderExtractor component. An attacker can write arbitrary files with attacker-controlled content anywhere on the filesystem by...

CVSS 8.2 | AI score 6.5 | EPSS 0.00696
Exploits 1 | References 2

Packet Storm News
added 2026/02/27 12:0 a.m. | 0 views

Neurosymbolic Learning for Advanced Persistent Threat Detection under Extreme Class Imbalance

The growing deployment of Internet of Things (IoT) devices in smart cities and industrial environments increases vulnerability to stealthy, multi-stage advanced persistent threats (APTs) that exploit wireless communication. Detection is challenging due to severe class imbalance in network traffic,...

AI score 6
Exploits 0

Packet Storm News
added 2026/02/27 12:0 a.m. | 2 views

Quantifying Catastrophic Forgetting in IoT Intrusion Detection Systems

Distribution shifts in attack patterns within RPL-based IoT networks pose a critical threat to the reliability and security of large-scale connected systems. Intrusion Detection Systems (IDS) trained on static datasets often fail to generalize to unseen threats and suffer from catastrophic forgetti...

AI score 6
Exploits 0

Tenable Nessus
added 2026/02/27 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-27587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive,...

CVSS 9.1 | AI score 5.8 | EPSS 0.0037
Exploits 1 | References 3

Positive Technologies
added 2026/02/27 12:0 a.m. | 10 views

PT-2026-22382

Name of the Vulnerable Software and Affected Versions: Beszel versions prior to 0.18.2; Beszel versions 0.18.2 through 0.18.3. Description: Beszel is a server monitoring platform. The platform’s authenticated API endpoints, specifically '/api/beszel/containers/logs' and...

CVSS 9.9 | AI score 6 | EPSS 0.22162
Exploits 68 | References 138

Snyk
added 2026/02/26 10:15 p.m. | 2 views

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key. An attacker can access another user's workout routine details, including day sequences, exercise structure, training logs, and statistics, by making API requests to endpoints with a...

CVSS 3.5 | AI score 6 | EPSS 0.00245
Exploits 1 | References 2

OSV
added 2026/02/26 10:15 p.m. | 2 views

GHSA-42CR-W2GR-M54Q wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data

Summary: Five routine detail action endpoints check a cache before calling self.get_object(). Cache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API, an attacker can retrieve the cached response for the same PK without any ownership...

CVSS 3.1 | AI score 5.6 | EPSS 0.00245
Exploits 1 | References 4

Github Security Blog
added 2026/02/26 10:15 p.m. | 6 views

wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data

Summary: Five routine detail action endpoints check a cache before calling self.get_object(). Cache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API, an attacker can retrieve the cached response for the same PK without any ownership...

CVSS 3.5 | AI score 5.5 | EPSS 0.00245
Exploits 1 | References 4 | Affected Software 1

GithubExploit
added 2026/02/26 10:12 p.m. | 123 views

Exploit for CVE-2026-28296

CVE-2026-28296 - GVFS FTP Backend CRLF Command Injection...

CVSS 4.3 | AI score 5.7 | EPSS 0.0036
Exploits 2

EUVD
added 2026/02/26 6:31 p.m. | 4 views

EUVD-2026-8861

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

CVSS 4.3 | AI score 6.4 | EPSS 0.0036
Exploits 2 | References 3

OSV
added 2026/02/26 4:24 p.m. | 4 views

DEBIAN-CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

CVSS 4.3 | AI score 8.9 | EPSS 0.0036
Exploits 2 | References 1

NVD
added 2026/02/26 4:24 p.m. | 5 views

CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

CVSS 4.3 | EPSS 0.0036
Exploits 2 | References 2

UbuntuCve
added 2026/02/26 4:24 p.m. | 4 views

CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

CVSS 4.3 | AI score 7.3 | EPSS 0.0036
Exploits 2 | References 3

OSV
added 2026/02/26 4:24 p.m. | 1 views

UBUNTU-CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

CVSS 4.3 | AI score 7.8 | EPSS 0.0036
Exploits 2 | References 4

Wordfence Blog
added 2026/02/26 4:2 p.m. | 23 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 16, 2026 to February 22, 2026)

Triple Threat Bug Bounty Challenge: Hunt High Threat vulnerabilities and earn triple the incentives! Now through April 6, 2026, earn three stacked bonuses on all valid submissions from our 'High Threat Vulnerabilities' list: 2x all high threat vulnerability bounties excluding 5,000,000+ installs...

CVSS 9.9 | AI score 6 | EPSS 0.06124
Exploits 17

SUSE Linux
added 2026/02/26 3:19 p.m. | 3 views

Security update for redis7

This update for redis7 fixes the following issue: a user can manipulate data read by a connection by injecting sequences into a Redis error reply (bsc#1258706). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

AI score 5.4
Exploits 0 | References 2

OSV
added 2026/02/26 3:19 p.m. | 2 views

SUSE-SU-2026:0667-1 Security update for redis7

This update for redis7 fixes the following issue: - a user can manipulate data read by a connection by injecting sequences into a Redis error reply (bsc#1258706)...

AI score 5.8
Exploits 0 | References 2