Security Bulletin: IBM Verify Antenna is affected by multiple vulnerabilities (CVE-2026-33815, CVE-2026-33816, CVE-2026-41889)

Summary IBM Verify Antenna has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2026-41889 DESCRIPTION: pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string...

CVE-2026-47179

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...

hermes-sidecar-poc

Hermes PoC — Pod + Nacos + Math microservice Dubbo Triple S...

[SECURITY] Fedora 43 Update: docker-compose-5.1.4-1.fc43

Define and run multi-container applications with Docker...

[SECURITY] Fedora 44 Update: docker-compose-5.1.4-1.fc44

Define and run multi-container applications with Docker...

CVE-2026-39830 affecting package docker-compose for versions less than 2.27.0-11

CVE-2026-39830 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...

CVE-2026-39832 affecting package docker-compose for versions less than 2.27.0-11

CVE-2026-39832 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...

CVE-2026-39834 affecting package docker-compose for versions less than 2.27.0-11

CVE-2026-39834 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...

CVE-2026-46597 affecting package docker-compose for versions less than 2.27.0-11

CVE-2026-46597 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...

CVE-2026-27136 affecting package docker-compose for versions less than 2.27.0-11

CVE-2026-27136 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...

CVE-2026-39821 affecting package docker-compose for versions less than 2.27.0-11

CVE-2026-39821 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...

CVE-2026-42506 affecting package docker-compose for versions less than 2.27.0-11

CVE-2026-42506 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...

CVE-2026-39829 affecting package docker-compose for versions less than 2.27.0-11

CVE-2026-39829 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...

Fedora 44 : docker-compose (2026-3316f97296)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3316f97296 advisory. - Update to release v5.1.4 - Resolves: rhbz2480186 - Upstream fixes ---- - Update to release v5.1.3 - Resolves rhbz2458697 - Resolves CVE-2026-33747...

Fedora 43 : docker-compose (2026-951a6725b8)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-951a6725b8 advisory. - Update to release v5.1.4 - Resolves: rhbz2480186 - Upstream fixes ---- - Update to release v5.1.3 - Resolves rhbz2458697 - Resolves CVE-2026-33747...

CVE-2026-47125

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/environments/id/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitution in every project's compose file, is missing an admin...

CVE-2026-47179

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...

CVE-2026-47179 Arcane: Authenticated Arbitrary Host File Read via Docker Compose Include Directives in Arcane

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...

CVE-2026-47179 Arcane: Authenticated Arbitrary Host File Read via Docker Compose Include Directives in Arcane

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...

CVE-2026-47179

Summary: Arcane exposes an authenticated arbitrary host-file read via Docker Compose include directives. Prior to version 1.19.4, GetProjectFileContent could read any include file declared in a project’s compose file, even outside the project, because CreateProject bypassed include-path validatio...