Security Bulletin: IBM WebSphere Application Server is affected by remote code execution (CVE-2026-9311, CVE-2026-9330)

Summary IBM WebSphere Application Server is affected by remote code execution. Vulnerability Details CVEID:CVE-2026-9330 DESCRIPTION: IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On...

Security Bulletin: IBM WebSphere Application Server is affected by a remote code execution vulnerability (CVE-2026-9319)

Summary IBM WebSphere Application Server is affected by a remote code execution vulnerability when using JAX-WS endpoints with WS-Security. Vulnerability Details CVEID:CVE-2026-9319 DESCRIPTION: IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to...

Malicious code in pretie_x2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc0da1230156c752bfa8b3456568e30a9eeb73c4100bff87777ae57d9f562e75 Package name pretiex2 and its description 'Opinionated code formatter for modern JavaScript and TypeScript.' with keywords including prettier...

Malicious code in pretie_x1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6308c285cb943f91fc16f7872bce135b8347b827139f5ad0cf8706ba992f104 Package masquerades as the prettier formatter name pretiex1, description "Opinionated code formatter for modern JavaScript and TypeScript.", keywords...

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

CVE-2026-0165

CVE-2026-0165 is described across multiple sources as a vulnerability in the RTCP packet decoder where several functions perform an out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no execution privileges gained. Exploitation requires user in...

CVE-2026-0164

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0164

CVE-2026-0164 affects Modem with an out-of-bounds write due to a missing bounds check, enabling remote code execution without extra privileges or user interaction. The vulnerability is classified as RCE with high impact on confidentiality, integrity, and availability. Public sources (NVD/ENISA/NV...

CVE-2026-0162

In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0162

Technical details for CVE-2026-0162 are not publicly provided in the connected documents. The available descriptions only indicate a memory corruption in AudioSdpParser.cpp potentially enabling remote code execution. Monitor for updates and additional technical disclosures.

CVE-2026-0161

CVE-2026-0161 affects Google Android (Pixel bulletin context) with an out-of-bounds write in RtpSession.cpp due to an integer overflow in numberOfReportBlocks, enabling remote privilege escalation without user interaction. Connected sources (Android Pixel bulletin) flag this as an Elevation of Pr...

CVE-2026-0161

In numberOfReportBlocks of RtpSession.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0160

The vulnerability CVE-2026-0160 affects the TextRtpPayloadDecoderNode, specifically in DecodeT140 of TextRtpPayloadDecoderNode.cpp. It is caused by a missing bounds check that can result in an out-of-bounds write. The documented impact is remote code execution with no additional privileges requir...

CVE-2026-0160

In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0157

In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0156

CVE-2026-0156 describes a memory safety issue in checkSsrcCollisionOnRcv of RtpSession.cpp caused by a missing null check. This could allow remote denial of service without additional execution privileges, and exploitation does not require user interaction. The information appears consistently in...

CVE-2026-0154

CVE-2026-0154 affects the Modem component and describes a memory corruption issue triggered by a SIP REFER request that could enable remote code execution with no additional privileges and without user interaction. The connected documents consistently state this is a Modem/SIP REFER memory corrup...

CVE-2026-0155

CVE-2026-0155 describes an OOB read in ImsMediaBitReader::ReadByteBuffer caused by a missing bounds check. This leads to remote information disclosure without additional execution privileges and requires no user interaction. The CVSS 3.1 vector indicates Network access with low attack complexity ...

CVE-2026-0154

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0155

In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...