Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Spring Security

Summary Due to use of Spring Security, DevOps Test Performance and Rational Performance Tester contain a vulnerability that can potentially result in clickjacking, XSS, and sensitive data exposure via caching. CVE-2026-22732 Vulnerability Details CVEID:CVE-2026-22732 DESCRIPTION: When application...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the form-data libary

Summary Due to use of the form-data library, DevOps Test Performance and Rational Performance Tester contain a potential HTTP Parameter Pollution HPP vulnerability CVE-2025-7783. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data...

SUSE-FU-2026:21213-1 Feature update for libgcrypt, libgpg-error

This update for libgcrypt, libgpg-error fixes the following issues: Update libgcrypt to 1.12.1 jscPED-15059: New and extended interfaces: - Allow access to the FIPS service indicator via the new GCRYCTLFIPSSERVICEINDICATOR control code. - Make SHA-1 non-FIPS internally for the 1.12 API - Add...

sms 安全漏洞

SMS is a student performance management system developed by Jeffrey as an individual project. SMS has a security vulnerability, which stems from the handling of the parameter ID in the file admin/deletecourse.php. This vulnerability may lead to SQL injection attacks...

sms 安全漏洞

SMS is a student performance management system developed by QUERYMINE. SMS has a security vulnerability, which stems from the handling of the image parameter in the admin/addteacher.php file. This vulnerability may lead to arbitrary file uploads...

sms 安全漏洞

SMS is a student performance management system developed by QUERYMINE. SMS has a security vulnerability, which stems from unknown code in the admin/editcourse.php file of the GET Request Parameter Handler component. This code allows for SQL injection attacks on parameter IDs, potentially leading ...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of React Router

Summary Due to use of React Router, DevOps Test Performance and Rational Performance Tester contain a Open Redirect vulnerability, potentially enabling phishing or credential theft. Vulnerability Details CVEID:CVE-2025-68470 DESCRIPTION: React Router is a router for React. In versions 6.0.0 throu...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the glob npm package

Summary Due to use of the glob npm package, DevOps Test Performance and Rational Performance Tester contain a potential command injection vulnerability. Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior t...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Connect2id Nimbus JOSE + JWT library

Summary Due to use of the Connect2id Nimbus JOSE + JWT library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the npm semver package

Summary Due to use of the npm semver package, DevOps Test Performance and Rational Performance Tester contain a potential Regular Expression Denial of Service ReDoS vulnerability. Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Versions of the package semver before 7.5.2 are vulnerable to...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Node.js on-headers middleware

Summary Due to use of the Node.js on-headers middleware, DevOps Test Performance and Rational Performance Tester contain an Improper Handling of Unexpected Data Type vulnerability, potentially enabling header manipulation. Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a...

CVE-2026-32184

Deserialization of untrusted data in Microsoft High Performance Compute Pack HPC allows an authorized attacker to elevate privileges locally...

Fedora 42 : webkitgtk (2026-36594550b0)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-36594550b0 advisory. Update to 2.52.1. Notable changes from 2.50 to 2.52: Make text look like in other browsers by blending in linear color space. Improved rendering...

Pyroscope 安全漏洞

Pyroscope is an open-source continuous performance analysis platform developed by Grafana. Vulnerabilities exist in versions prior to Pyroscope 1.15.2, 1.16.1, and 1.17.0. These vulnerabilities stem from improper configuration, potentially allowing attackers to extract the secretkey configuration...

PT-2026-33212

Name of the Vulnerable Software and Affected Versions Python-Multipart versions prior to 0.0.26 Description An issue exists when parsing crafted multipart/form-data requests containing large preamble or epilogue sections. Two inefficient parsing paths can be abused: the parser handles leading CR...

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit these vulnerabilities by having multiple Azure and Microsoft components fail to validate input adequately or process untrusted data insecurely, allowing an authorized attacker to increase privileges...

EUVD-2026-22565

Deserialization of untrusted data in Microsoft High Performance Compute Pack HPC allows an authorized attacker to elevate privileges locally...

CVE-2026-32184

Deserialization of untrusted data in Microsoft High Performance Compute Pack HPC allows an authorized attacker to elevate privileges locally...

CVE-2026-32184 Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability

...

CVE-2026-32184

CVE-2026-32184 concerns Microsoft High Performance Compute (HPC) Pack with an Elevation of Privilege vulnerability. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) yields a base score of 7.8 (HIGH) where the attacker requires local access, low attack complexity and low privileges, with ...