RHSA-2026:25039 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Bulletin has no description...

RHSA-2026:24374 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Bulletin has no description...

RHSA-2026:24014 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Bulletin has no description...

RHSA-2026:24069 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Bulletin has no description...

RHSA-2026:24009 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Bulletin has no description...

RHSA-2026:24000 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Bulletin has no description...

CVE-2026-49121

A flaw was found in AI Tensor Engine for ROCm AITER. This vulnerability allows unauthenticated remote attackers to execute arbitrary code by sending a specially crafted data package, known as a pickle payload, to a ZeroMQ ZMQ subscriber socket. This exploitation is possible due to a lack of...

EUVD-2026-37978

The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.4.2. This is due to a missing capability/ownership check on the galleryimageupdateasfeature AJAX handler action:...

CVE-2026-10779

CVE-2026-10779 affects the WordPress Classified Listing plugin (versions

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet9.0: aspnetcore-runtime-9.0-9.0.17-1.hum1 aarch64, x8664 aspnetcore-runtime-dbg-9.0-9.0.17-1.hum1 aarch64, x8664 aspnetcore-targeting-pack-9.0-9.0.17-1.hum1 aarch64, x8664...

Concurrent Ruby - `AtomicReference#update` livelocks when the stored value is `Float::NAN`

Summary Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between: - AtomicReferenceupdate, which retries until compareandsetoldvalue, newvalue succeeds. - Numeric compareandset, which checks old ==...

Critical Photon OS Security Update - PHSA-2026-5.0-0890

Updates of 'linux', 'linux-esx' packages of Photon OS have been released...

Photon OS 4.0: Dotnet PHSA-2026-4.0-1036

An update of the dotnet package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1036. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 4.0: Nginx PHSA-2026-4.0-1036

An update of the nginx package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1036. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Critical Photon OS Security Update - PHSA-2026-4.0-1038

Updates of 'coredns', 'rsync', 'python3-pip' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2026-4.0-1037

Updates of 'linux' packages of Photon OS have been released...

PT-2026-51090

Name of the Vulnerable Software and Affected Versions concurrent-ruby versions prior to 1.3.7 Description The Concurrent::AtomicReferenceupdate function can enter a permanent busy retry loop when the current value is Float::NAN. This occurs due to the interaction between AtomicReferenceupdate,...

Critical Photon OS Security Update - PHSA-2026-5.0-0888

Updates of 'linux', 'linux-esx' packages of Photon OS have been released...

CVE-2026-12047

CVE-2026-12047 – pgAdmin 4 : HTML injection in the cloud deployment module arises when unsanitised exception text (from verify_credentials, deploy, and related endpoints under /rds/, /azure/, /google/, and /cloud/) is echoed into JSON response fields (info/errormsg) and rendered by the Cloud Wiza...

CVE-2026-12046 pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution

Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/updateconnection/// -- were the only routes in the module missing the @pgaloginrequired decorator. Both reach a pickle.loads sink on session'gridData''commandobj':...