CVE-2026-31528

In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmuctx-pmu for groups Oliver reported that x86pmudel ended up doing an out-of-bound memory access when groupschedin fails and needs to roll back. This should be handled by the transaction callbacks, but he...

CVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groups

In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmuctx-pmu for groups Oliver reported that x86pmudel ended up doing an out-of-bound memory access when groupschedin fails and needs to roll back. This should be handled by the transaction callbacks, but he...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the path-to-regexp library

Summary Due to use of the path-to-regexp library, DevOps Test Performance and Rational Performance Tester contain a potential Regular Expression Denial of Service ReDoS vulnerability. Vulnerability Details CVEID:CVE-2026-4923 DESCRIPTION: Impact: When using multiple wildcards, combined with at...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013768)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013768 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: fqpie: avoid stalls in fqpietimer When setting a high number of flows limit being 6553...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013803)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013803 advisory. In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd/core: Always clear status for idx The variable 'status' which contains the unhandled...

Linux Distros Unpatched Vulnerability : CVE-2026-31528

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - perf: Make sure to use pmuctx-pmu for groups Oliver reported that x86pmudel ended up doing an out- of-bound memory access when groupschedin fails and needs to...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the path-to-regexp package

Summary Due to use of the path-to-regexp package, DevOps Test Performance and Rational Performance Tester contain a potential Regular Expression Denial of Service ReDoS vulnerability. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you...

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF19 patch. Vulnerability Details CVEID:CVE-2022-39135 DESCRIPTION: Apache Calcite 1.22.0 introduced the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE do not restrict XML Extern...

Evaluating LLM-Generated Obfuscated XSS Payloads for Machine Learning-Based Detection

Cross-site scripting XSS remains a persistent web security vulnerability, especially because obfuscation can change the surface form of a malicious payload while preserving its behavior. These transformations make it difficult for traditional and machine learning-based detection systems to reliab...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011028)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011028 advisory. In the Linux kernel, the following vulnerability has been resolved: ntbnetdev: Use devkfreeskbany in interrupt context TX/RX callback handlers ntbnetdevtxhandler,...

Adding Compilation Metadata to Binaries to Make Disassembly Decidable

The binary executable format is the standard method for distributing and executing software. Yet, it is also as opaque a representation of software as can be. If the binary format were augmented with metadata that provides security-relevant information, such as which data is intended by the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011141)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011141 advisory. In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd/core: Always clear status for idx The variable 'status' which contains the unhandled...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011048)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011048 advisory. In the Linux kernel, the following vulnerability has been resolved: perf: hisi: Fix use-after-free when register pmu fails When we fail to register the uncore pmu, t...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006950)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006950 advisory. In the Linux kernel, the following vulnerability has been resolved: ntbnetdev: Use devkfreeskbany in interrupt context TX/RX callback handlers ntbnetdevtxhandler,...

Important: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Security update for docker

This update for docker rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux...

Security update for runc

This update for runc rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux Enterpri...

Security update for cosign

This update for cosign rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux...

Security Bulletin: DevOps Test Performance contains a vulnerability due to use of Spring Boot

Summary Due to use of Spring Boot, DevOps Test Performance and Rational Performance Tester contain a potential authentication bypass vulnerability. Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass"...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Spring Framework MVC and WebFlux

Summary Due to use of Spring Framework MVC and WebFlux, DevOps Test Performance and Rational Performance Tester contain a potential stream corruption vulnerability. Vulnerability Details CVEID:CVE-2026-22735 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to stream corruption when...