Security Bulletin: IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449

Summary IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-3449 DESCRIPTION: Versions of the package @tootallnate/once before 3.0.1 are vulnerab...

[SECURITY] [DLA 4602-1] lemonldap-ng security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4602-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA May 28, 2026 https://wiki.debian.org/LTS -...

CVE-2026-41054 affecting package haveged for versions less than 1.9.22-1

CVE-2026-41054 affecting package haveged for versions less than 1.9.22-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-5946 affecting package bind for versions less than 9.20.23-1

CVE-2026-5946 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-5947 affecting package bind for versions less than 9.20.23-1

CVE-2026-5947 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-41035 affecting package rsync for versions less than 3.4.3-1

CVE-2026-41035 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-3039 affecting package bind for versions less than 9.20.23-1

CVE-2026-3039 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-43620 affecting package rsync for versions less than 3.4.3-1

CVE-2026-43620 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-43618 affecting package rsync for versions less than 3.4.3-1

CVE-2026-43618 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-45232 affecting package rsync for versions less than 3.4.3-1

CVE-2026-45232 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-3593 affecting package bind for versions less than 9.20.23-1

CVE-2026-3593 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-42944 affecting package unbound for versions less than 1.25.1-1

CVE-2026-42944 affecting package unbound for versions less than 1.25.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-40622 affecting package unbound for versions less than 1.25.1-1

CVE-2026-40622 affecting package unbound for versions less than 1.25.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-43617 affecting package rsync for versions less than 3.4.3-1

CVE-2026-43617 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-44608 affecting package unbound for versions less than 1.25.1-1

CVE-2026-44608 affecting package unbound for versions less than 1.25.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-42923 affecting package unbound for versions less than 1.25.1-1

CVE-2026-42923 affecting package unbound for versions less than 1.25.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-5950 affecting package bind for versions less than 9.20.23-1

CVE-2026-5950 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-33814 affecting package golang for versions less than 1.26.3-1

CVE-2026-33814 affecting package golang for versions less than 1.26.3-1. An upgraded version of the package is available that resolves this issue...

User Impersonation

Overview symfony/security-http is a provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. Affected versions of this package are vulnerable to User...

CVE-2026-31574 affecting package kernel for versions less than 6.6.139.1-1

CVE-2026-31574 affecting package kernel for versions less than 6.6.139.1-1. An upgraded version of the package is available that resolves this issue...