CVE-2026-31479

In the Linux kernel, the following vulnerability has been resolved: drm/xe: always keep track of remap prev/next During 3D workload, user is reporting hitting: 413.361679 WARNING: drivers/gpu/drm/xe/xevm.c:1217 at vmbindioctlopsunwind+0x1e2/0x2e0 xe, CPU7: vkd3dqueue/9925 413.361944 CPU: 7 UID:...

CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex

In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/core Protect regulator operations with mutex The regulator operations pmbusregulatorgetvoltage, pmbusregulatorsetvoltage, and pmbusregulatorlistvoltage access PMBus registers and shared data but were not protected by...

CVE-2026-31486

The CVE-2026-31486 entry concerns the Linux kernel hwmon/pmbus/core regulator operations (get_voltage, set_voltage, list_voltage) not being mutex-protected, risking race conditions when accessing PMBus registers and shared data. The fix reworks pmbus_regulator_notify() to perform notifications vi...

Enterprise-Grade Application Security, Cloud-Native Speed: Introducing Imperva for Google Cloud

In today’s dynamic digital environment, the pressure to innovate has never been greater. Development teams are pushing for native cloud tools to maximize performance and cost-efficiency, while security teams require best-of-breed, enterprise-grade protection to defend against an ever-evolving...

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372 , carries a CVSS score of 9.1 out of 10.0. It's rated Important in severity. An anonymous researcher has...

kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrummr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex instead of RTNL to protect the multicast route list, so that it will not change while the driver periodically traverse...

Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider

Vulnerability in Spring Spring Security. If an application is using the UserDetailsisEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...

CVE-2026-6386

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shmcreatelargepage3 interface. In particular, it...

SUSE CVE-2026-6782

Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVE-2026-6782

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the IP Protection component...

kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrummr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex instead of RTNL to protect the multicast route list, so that it will not change while the driver periodically traverse...

PT-2026-34576

IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel...

PT-2026-34575

IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel...

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-013399)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013399 advisory. In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in timerdeletesync There are two paths to access mptcppmdeladdtimer, result in...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013509)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013509 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes with dev-modeconfig.mutex The modes array contains pointers to...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013663)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013663 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential UAF of struct nilfsscinfo in nilfssegctorthread The finalization of...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013543)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013543 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix potential panic dues to unprotected smcllcsrvaddlink There is a certain chance to...

PT-2026-34582

IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

Oracle Linux 10 : bind (ELSA-2026-8312)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-8312 advisory. - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 - Fix upstream reported regression in recent CVE fix CVE-2025-8677 -...

PT-2026-34583

IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...