25 matches found
CVE-2026-46027
net/smc: avoid early lgr access in smcclcwaitmsg...
CVE-2026-24029
When the earlyacldrop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...
PowerDNS DNSdist security vulnerability
PowerDNS DNSdist is a proxy software provided by PowerDNS that offers capabilities for DNS traffic load balancing and security protection. PowerDNS DNSdist has a security vulnerability that arises from skipping ACL checks when the earlyACLDrop option is disabled. This vulnerability may cause all...
Important: Red Hat Security Advisory: Red Hat OpenShift AI 3.4.0-ea.1 Release
Updated images are now available for Red Hat OpenShift AI. This advisory contains the container images for Red Hat OpenShift AI 3.4.0-ea.1. This release is provided as Early Access (EA), offering a preview of upcoming features and functionality. It is intended for evaluation and feedback during...
CVE-2026-28410 The Graph: Revocable vesting contracts allows early access to locked tokens
The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in...
CVE-2026-28410
The Graph (pre-3.0.0) had a flaw in token vesting contracts that could allow users to access tokens still locked by the vesting schedule. The issue is resolved in version 3.0.0. The CVSS metrics indicate NETWORK access with low complexity and no user interaction, resulting in a medium base score....
PT-2026-23505
Name of the Vulnerable Software and Affected Versions: The Graph versions prior to 3.0.0. Description: A flaw exists in the token vesting contracts of The Graph protocol. This issue allows users to access tokens before they are released according to their vesting schedule. The problem was addressed...
java-17-openjdk security update
1:17.0.18.0.8-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:17.0.18.0.8-1 - Update to jdk-17.0.18+8 GA - Add to .gitignore openjdk-17.0.18+8.tar.xz - Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8 - Set buildver to 8 - Set isga to 1 - Update sources to...
Prompt injection in Opera Neon: Rapid response through responsible disclosure
October 23rd, 2025. Hi Opera users, This week, we were able to address a real-world security scenario on Opera Neon thanks to the work of a security researcher team. The researchers reached out to us throu...
Protected with Opera Neon: Understanding agentic browser security
October 21st, 2025. Hi Opera users, If you were hanging out around these parts in the past few weeks, you might have noticed that we launched Opera Neon – an AI agentic browser that can browse with you or for you, tak...
EUVD-2022-6827
Malicious code in bioql PyPI...
XenServer Security Update for CVE-2025-27465
Severity: Medium. Description of Problem: An issue has been identified in XenServer 8.4 that may allow privileged code in a guest VM to cause the host to crash or become unresponsive. This issue has the following identifier: CVE-2025-27465. Affected Versions: This issue affects XenServer 8.4. Note th...
GHSA-V345-W9F2-MPM5 Sentry improperly authorizes muting of alert rules
Impact: An authenticated user can mute alert rules from arbitrary organizations and projects given a known rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we have identified no instances where alerts have been muted by...
Security Advisory Ivanti Workspace Control (IWC)
Summary: Ivanti has released a version of a new product architecture for Ivanti Workspace Control (IWC) which addresses high and critical vulnerabilities. Successful exploitation could lead to an escalation of privileges and lateral movement. IWC is intended to be a non-internet facing product, and...
Microsoft Security Copilot drives new product integrations at Microsoft Ignite to empower security and IT teams
First announced in March 2023, Microsoft Security Copilot—Microsoft's first generative AI security product—has sparked major interest. The widespread enthusiasm was on full display after announcing our Early Access Program in October 2023 and sharing our incredible Security Copilot innovations at...
Rapid7 Introduces AI-driven Cloud Anomaly Detection
It’s that time of year again! AWS Re:Invent, Amazon Web Services’ annual mega-conference, will soon kick off in Las Vegas and there are sure to be a ton of new cloud security innovations unveiled throughout the week. From a Rapid7 perspective, we’re launching an exciting new capability - Cloud...
Microsoft unveils expansion of AI for security and security for AI at Microsoft Ignite
The future of security with AI: The increasing speed, scale, and sophistication of recent cyberattacks demand a new approach to security. Traditional tools are no longer enough to keep pace with the threats posed by cybercriminals. In just two years, the number of password attacks detected by...