Security Bulletin: Multiple vulnerabilities in IBM Aspera Console

Summary Multiple vulnerabilities were addressed in IBM Aspera Console version 3.4.10 Vulnerability Details CVEID:CVE-2026-26961 DESCRIPTION: Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from...

Malicious code in otomi-console (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f9238b0645d7de5b5df1ba2ccc3d6a6d2d476b29cfd3a7eaa583ec4c32c7839 The package otomi-console was found to contain malicious code...

MAL-2026-2788 Malicious code in otomi-console (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f9238b0645d7de5b5df1ba2ccc3d6a6d2d476b29cfd3a7eaa583ec4c32c7839 The package otomi-console was found to contain malicious code...

Arcserve UDP Console vulnerable to redirect to a dummy URL

Overview UDP Console provided by Arcserve contains the following vulnerability. Incorrectly specified destination in a communication channel CWE-941 - CVE-2026-40118 Shingo Ando reported this vulnerability to IPA, IPA reported it to Arcserve, and JPCERT/CC coordinated with Arcserve to publish the...

EUVD-2026-23192

UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing...

CVE-2026-40118

UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing...

CVE-2026-40118

CVE-2026-40118 involves Arcserve’s UDP Console. The issue is an incorrectly specified destination in a communication channel: if a user configures the activation server hostname to a dummy URL, the product may contact that dummy domain, potentially causing information disclosure. The provided doc...

CVE-2026-40118

UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing...

CVE-2026-40118

UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing...

CVE-2026-40118

UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing...

Arcserve UDP Console 安全漏洞

Arcserve UDP Console is a data protection management console developed by the American company Arcserve. There are security vulnerabilities in Arcserve UDP Console. These vulnerabilities stem from incorrect target designation in the communication channel, which may lead to unexpected communicatio...

MuPDF 安全漏洞

MuPDF is an open-source software library written in C language by MuPDF. It is used to render pages as bitmaps, but it also provides support for other operations such as searching and listing directories and links. MuPDF has a security vulnerability that stems from the failure to clean up PDF...

PT-2026-33258

UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing...

CVE-2026-27914

Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally...

Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.13.0 release.

Red Hat Web Terminal Operator 1.13.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...

Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.14.0 release.

Red Hat Web Terminal Operator 1.14.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...

runc: container escape with malicious config due to /dev/console mount and related races

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...

TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apex One console, which listens on TCP ports 8080 and 4343 by default. The issu...

Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.15.0 release.

Red Hat Web Terminal Operator 1.15.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...

EUVD-2026-22458

Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally...