RLSA-2026:2776 Moderate: edk2 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap CVE-2025-9230 For more details about the security issues, includi...

Security Bulletin: Vulnerability in IBM® Java SDK affects WebSphere Service Registry and Repository due to CVE-2026-1188

Summary A buffer overflow vulnerability in IBM® SDK, Java™ Technology Edition affects IBM WebSphere Service Registry and Repository. This issue is also addressed by WebSphere Application Server shipped with WebSphere Service Registry and Repository. Vulnerability Details CVEID:CVE-2026-1188...

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server and WebSphere Application Server Liberty due to CVE-2026-1188

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM...

CVE-2026-1772

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges...

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments

Summary IBM java SDK is used by Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote attacker to cause a...

RHEL 9 : edk2 (RHSA-2026:3164)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3164 advisory. EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU a...

pwn-claude-plugin

pwn-claude-plugin Claude Code plugin for binary exploitation...

OPENSUSE-SU-2026:20261-1 Security update for openQA, os-autoinst, openQA-devel-container

This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: Changes in openQA: - Update to version 5.1771422749.560a3b26: fixmcp: set navbar check expression to read-only feat: support inverted result filters in /tests/overview fixtest: Enable helm install-chart test...

OPENSUSE-SU-2026:10237-1 libopenssl-3-devel-3.5.3-2.1 on GA media

These are all security issues fixed in the libopenssl-3-devel-3.5.3-2.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-27492 Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused

Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...

MVP Development in the Age of AI: How Startups Can Build Smarter, Faster and Leaner

How AI is reshaping MVP development, helping startups build faster, validate smarter, avoid overbuilding, manage tech debt, and embed security early...

Pannellum has a XSS vulnerability in hot spot attributes

Impact The hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hosting the standalone viewer HTML file and any other use of untrusted JSON config files bypassing the...

CVE-2026-26267 rs-soroban-sdk #[contractimpl] macro calls inherent function instead of trait function when names collide

soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22.0.10, 23.5.2, and 25.1.1, the contractimpl macro contains a bug in how it wires up function calls. contractimpl generates code that uses MyContract::value style calls even when it's processing the trait version. This means if a...

CVE-2025-69287

The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...

java-11-openjdk security update

1:11.0.31.0.1-1.0.1 - Update to jdk-11.0.31+1 Orabug: 38950473 - Fixes CVE-2025-64720 CVE-2025-65018 CVE-2026-21925 - CVE-2026-21933 CVE-2026-21945...

Photon OS 4.0: Openjdk11 PHSA-2026-4.0-0961

An update of the openjdk11 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0961. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

From Shadow APIs to Shadow AI: How the API Threat Model Is Expanding Faster Than Most Defenses

The shadow technology problem is getting worse. Over the past few years, organizations have scaled microservices, cloud-native apps, and partner integrations faster than corporate governance models could keep up, resulting in undocumented or shadow APIs. We’re now seeing this pattern all over aga...

CVE-2026-1368

The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key...

BSV SDK 安全漏洞

The BSV SDK is an open-source developer toolkit for BSV Blockchain. Versions of the BSV SDK prior to 2.0.0 contained security vulnerabilities. These vulnerabilities stemmed from errors in the signature data preparation process within the BRC-104 authentication mechanism, which could lead to...

GHSA-4HG8-92X6-H2F3 OpenClaw is Missing Webhook Authentication in Telnyx Provider Allows Unauthenticated Requests

Summary In affected versions, OpenClaw's optional @openclaw/voice-call plugin Telnyx webhook handler could accept unsigned inbound webhook requests when telnyx.publicKey was not configured, allowing unauthenticated callers to forge Telnyx events. This only impacts deployments where the Voice Call...