[SECURITY] Fedora 43 Update: dotnet9.0-9.0.115-1.fc43

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

Claude SDK for Python 安全漏洞

Claude SDK for Python is an open-source Python software development toolkit developed by Anthropic for calling the Claude API. Versions of Claude SDK for Python prior to 0.87.0 contained a security vulnerability. This vulnerability stemmed from improper file permission settings created by memory...

CVE-2026-30309

CVE-2026-30309 affects InfCode’s terminal auto-execution module. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (e.g., powershell), and the matching algorithm lacks dynamic semantic parsing, failing to recognize string concatenation, variable assignment, o...

The Real Risk of Vibecoding

This blog looks at how AI‑driven vibecoding speeds up software development while increasing security risk by outpacing traditional review and ownership. It explains why security needs to move earlier and be built into modern development workflows...

Amazon Linux 2023 : libssh, libssh-config, libssh-devel (ALAS2023-2026-1472)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1472 advisory. libssh: SCP Protocol Path Traversal in sshscppullrequest CVE-2026-0964 libssh: Specially crafted patterns could cause DoS CVE-2026-0967 Tenable has extracted the preceding description block...

Amazon Linux 2023 : libde265, libde265-devel (ALAS2023-2026-1477)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1477 advisory. strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decodercontext::computeframedroptable. CVE-2025-61147 Tenable has extracted the preceding description...

[SECURITY] Fedora 42 Update: dotnet10.0-10.0.104-1.fc42

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

Linux Distros Unpatched Vulnerability : CVE-2026-33167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does no...

Detecting Protracted Vulnerabilities in Open Source Projects

Timely resolution and disclosure of vulnerabilities are essential for maintaining the security of open-source software. However, many vulnerabilities remain unreported, unpatched, or undisclosed for extended periods, exposing users to prolonged security threats. While various vulnerability...

CVE-2026-32422

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through = 5.8.13...

CVE-2026-25571

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The SICAM SIAPP SDK client component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process...

CVE-2026-27281

DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user...

CVE-2026-30979

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp triggered with local user interaction causing memory corruption/crash. This vulnerability is fixed in 2.3.1.5...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily...

[SECURITY] Fedora 44 Update: dotnet8.0-8.0.125-1.fc44

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

[SECURITY] Fedora 44 Update: dotnet9.0-9.0.115-1.fc44

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

[SECURITY] Fedora 44 Update: dotnet10.0-10.0.104-1.fc44

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2026:5578)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:5578 advisory. qemu-kvm: VNC WebSocket handshake use-after-free CVE-2025-11234 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory...

Roadiz development monorepo 代码问题漏洞

The Roadiz Development Monorepo is an open-source content management system development kit developed by Roadiz. Versions of the Roadiz Development Monorepo prior to 2.7.9, 2.6.28, 2.5.44, and 2.3.42 contained code vulnerabilities. These vulnerabilities allowed authenticated attackers to read...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Jan 2026 CPU (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Tivoli System Automation for Multiplatforms. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability iss...