CVE-2026-7381

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, an...

USN-8180-4 linux-azure-fips vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

USN-8180-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010879)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010879 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix DMA transfer direction When CONFIGDMAAPIDEBUG is selected, while running the...

USN-8188-1: Linux kernel (HWE) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - Drivers core; - Bluetooth drivers; - DMA engine...

USN-8188-1 linux-hwe-5.15 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - Drivers core; - Bluetooth drivers; - DMA engine...

USN-8187-1 linux-nvidia-tegra, linux-nvidia-tegra-igx vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

USN-8187-1: Linux kernel (NVIDIA) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

USN-8186-1 linux-intel-iot-realtime, linux-realtime vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

USN-8180-2: Linux kernel (FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

USN-8180-2 linux-fips, linux-gcp-fips vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

Security Bulletin: IBM Application Modernization Accelerator is vulnerable to multiple vulnerabilities found in Node.js

Summary There are multiple vulnerabilities in Node.js used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2026-2359 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to...

USN-8180-1 linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gke, linux-gkeop, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

PT-2026-30038

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Validate command buffer payload count The count field in the command header is used to determine the valid payload size. Verify that the valid payload does not exceed the remaining buffer space...

Permissive Regular Expression

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

CVE-2019-25628

Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and...

CVE-2026-23280

A flaw was found in the Linux kernel's accel/amdxdna component. The calculation for the ubuf size may overflow, leading to an undersized memory allocation. This can result in memory corruption, potentially allowing an attacker to cause a denial of service or execute arbitrary code...

EUVD-2026-15216

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix out-of-bounds memset in command slot handling The remaining space in a command slot may be smaller than the size of the command header. Clearing the command header with memset before verifying the available slo...

CVE-2026-23288

A flaw was found in the Linux kernel's accel/amdxdna component. This vulnerability occurs when clearing a command header with memset before verifying the available slot space, which can be smaller than the header size. This can lead to an out-of-bounds write and memory corruption. An attacker cou...