Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.39 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.39 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

GHSA-PQ7P-MC74-G65W PocketBase vulnerable to account pre-hijacking via OAuth2 unverfied->verified autolinking upgrade

A pre-hijacking issue was discovered with the OAuth2 autolinking by Alardiians. In some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When the...

Important: Red Hat Security Advisory: RHACS 4.10.2 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

Important: Red Hat Security Advisory: RHACS 4.9.6 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses jjwt-impl-0.11.5.jar which is vulnerable to CVE-2024-31033

Summary IBM Maximo Application Suite - Visual Inspection component uses jjwt-impl-0.11.5.jar which is vulnerable to CVE-2024-31033, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2024-31033 DESCRIPTION: JJWT aka Java JWT through...

Medium: docker

Issue Overview: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may...

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 148 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 148.0.7778.96 Linux 148.0.7778.96/97 Windows/Mac contains a number of fixes and improvements -- a list of changes is availab...

Important: kernel-livepatch-5.10.251-248.983

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of the algifaead module by running the following commands: echo "install algifaead /bin/fals...

CVE-2026-41572

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

CVE-2026-41572

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

CVE-2026-41572 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

CVE-2026-41572

Note Mark (project: Note Mark) contains an authenticated/un-authenticated access flaw prior to version 0.19.3 where, after a public book is soft-deleted, notes and uploaded assets remain readable via /api/notes/{id}, /api/notes/{id}/content, the slug path, and asset endpoints. Root cause: GORM’s ...

EUVD-2026-27053

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

CVE-2026-41572 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management for Kubernetes v2.15.2 security update

Red Hat Advanced Cluster Management for Kubernetes 2.15 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. Red Hat Advanced Cluster Management for Kubernetes 2.15 images Red Hat Advanced Cluster Management for Kubernetes provides...

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update

An update is now available for Red Hat Ansible Automation Platform 2.6 Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...

Important: Red Hat Security Advisory: OpenShift Virtualization v4.19 Images

Red Hat OpenShift Virtualization release v4.19 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

HTML Injection

github.com/abhinavxd/libredesk is vulnerable to stored HTML injection. The vulnerability is due to improper sanitization of user input in the contact notes feature, which allows an attacker to inject arbitrary HTML by manipulating the request and exploit it to perform phishing, CSRF-style actions...

[SECURITY] Fedora 43 Update: python3.14-3.14.4-2.fc43

Python 3.14 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...

PT-2026-36891

Name of the Vulnerable Software and Affected Versions Note Mark versions prior to 0.19.3 Description An issue exists where notes and uploaded assets remain accessible after a public book is soft-deleted. Unauthenticated users with the note ID or slug path can access data via the endpoints...