10716 matches found

RedHat Linux
added 2026/05/18 9:0 a.m. | 14 views

Important: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availabl...

7.5 CVSS | 7.3 AI score | 0.00022 EPSS
Exploits 0 | References 4
RedHat Linux
added 2026/05/18 9:0 a.m. | 6 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for...

7.5 CVSS | 5.5 AI score | 0.00022 EPSS
Exploits 0 | References 8
Fedora
added 2026/05/18 12:59 a.m. | 11 views

[SECURITY] Fedora 43 Update: uv-0.11.11-1.fc43

An extremely fast Python package and project manager, written in Rust. Highlights: • A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twine, virtualenv, and more. • 10-100x faster than pip. • Provides comprehensive project management, with a universal lockf...

5.8 AI score
Exploits 0
Positive Technologies
added 2026/05/18 12:0 a.m. | 7 views

PT-2026-41729

Name of the Vulnerable Software and Affected Versions: russh versions prior to 0.58.0; russh versions 0.60.x. Description: An issue exists in the CryptoVec component involving unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In versions prior to 0.58.0,...

7.5 CVSS | 5.9 AI score
Exploits 0 | References 4
Tenable Nessus
added 2026/05/18 12:0 a.m. | 10 views

RHEL 10 : grafana-pcp (RHSA-2026:18027)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:18027 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and...

7.5 CVSS | 5.9 AI score | 0.00021 EPSS
Exploits 0 | References 8
Fedora
added 2026/05/15 10:45 p.m. | 9 views

[SECURITY] Fedora 42 Update: firefox-150.0.3-1.fc42

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...

5.8 AI score
Exploits 0
Fedora
added 2026/05/15 9:9 p.m. | 13 views

[SECURITY] Fedora 43 Update: nginx-1.30.1-1.fc43

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

9.2 CVSS | 6 AI score | 0.00288 EPSS
Exploits 35
Fedora
added 2026/05/15 3:7 a.m. | 6 views

[SECURITY] Fedora 43 Update: firefox-150.0.3-1.fc43

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...

5.8 AI score
Exploits 0
OSV
added 2026/05/14 8:29 p.m. | 2 views

GHSA-9RMH-MM8F-R9H6 Svelte: ReDoS in `<svelte:element>` Tag Validation

An internal regex in the Svelte runtime can take exponential time to test in . You are only vulnerable to this if you allow tags of unconstrained length. If your application only allows a predetermined list of tags or trims their length before passing them to svelte:element, you are safe...

5.9 CVSS | 5.8 AI score
Exploits 0 | References 3
EUVD
added 2026/05/14 3:2 p.m. | 5 views

EUVD-2026-30306

Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute JavaScript in the file browser. This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2...

5.3 CVSS | 5.9 AI score | 0.00062 EPSS
Exploits 0 | References 1
GithubExploit
added 2026/05/14 1:15 p.m. | 54 views

portofolio_DWForSec

DwF — Cybersecurity Portfolio A professional cybersecurity po...

5.7 AI score
Exploits 0
OSV
added 2026/05/14 1:8 p.m. | 4 views

GHSA-9MHV-8H52-Q7Q2 Absinthe: Quadratic fragment-name uniqueness check

Summary: An unauthenticated attacker can stall an Absinthe-backed GraphQL endpoint by submitting a query that contains many fragment definitions. The fragment-name uniqueness validation phase is O(N²) in the number of fragments, so a single modestly-sized request burns seconds of CPU per worker, and...

8.7 CVSS | 5.8 AI score | 0.00082 EPSS
Exploits 1 | References 6
IBM Security Bulletins
added 2026/05/13 1:52 p.m. | 9 views

Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of Eclipse Jetty

Summary: Due to use of Eclipse Jetty, DevOps Test Performance and Rational Performance Tester contain potential input validation, information exposure, integer overflow, memory allocation, HTTP parsing, and URI authority validation vulnerabilities. Vulnerability Details: CVEID: CVE-2022-2047...

7.5 CVSS | 6.9 AI score | 0.04575 EPSS
Exploits 2 | Affected Software 1
SUSE CVE
added 2026/05/13 3:34 a.m. | 4 views

SUSE CVE-2026-43416

In the Linux kernel, the following vulnerability has been resolved: powerpc, perf: Check that current->mm is alive before getting user callchain. It may happen that mm is already released, which leads to kernel panic. This adds the NULL check for current->mm, similarly to commit 20afc60f892d "x86,...

5.5 CVSS | 5.7 AI score | 0.00013 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2026/05/13 12:0 a.m. | 12 views

RHEL 10 : podman (RHSA-2026:17040)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17040 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use...

10 CVSS | 7.1 AI score | 0.00045 EPSS
Exploits 4 | References 14
GithubExploit
added 2026/05/12 6:45 p.m. | 56 views

feedparser-redos-poc

feedparser ReDoS — syncauthordetail Proof of Concept f...

5.8 AI score
Exploits 0
IBM Security Bulletins
added 2026/05/12 5:31 p.m. | 6 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of netty-codec-http

Summary: Due to use of netty-codec-http, DevOps Test Performance and Rational Performance Tester contain a potential CRLF injection vulnerability. Vulnerability Details: CVEID: CVE-2026-41417. DESCRIPTION: Netty allows request-line validation to be bypassed when a DefaultHttpRequest or...

5.3 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits 1 | Affected Software 1
NVD
added 2026/05/12 5:16 p.m. | 5 views

CVE-2026-20772

Uncontrolled search path for some Intel(R) Connectivity Performance Suite software installers before version 50.25.1121.193 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may...

5.4 CVSS | 0.00015 EPSS
Exploits 0 | References 1
CVE
added 2026/05/12 4:34 p.m. | 12 views

CVE-2026-20772

Intel Connectivity Performance Suite installers prior to version 50.25.1121.193 have an Uncontrolled search path in Ring 3 that may allow privilege escalation. An authenticated user with local access, high attack complexity, and active user interaction could exploit this. Affects confidentiality,...

5.4 CVSS | 5.7 AI score | 0.00015 EPSS
Exploits 0 | References 1
Vulnrichment
added 2026/05/12 4:34 p.m. | 7 views

CVE-2026-20772

Uncontrolled search path for some Intel(R) Connectivity Performance Suite software installers before version 50.25.1121.193 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may...

5.4 CVSS | 5.7 AI score | 0.00015 EPSS
Exploits 0 | References 1