kernel security update

4.18.0-553.129.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

Security Bulletin: node-forge-1.3.1.tgz, IBM Sterling Connect:Direct Web Services is affected by bypass downstream cryptographic verifications and security decisions.

Summary node-forge-1.3.1.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2025-12816, CVE-2025-66030, CVE-2025-66031 . Vulnerability Details CVEID:CVE-2025-12816 DESCRIPTION: An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticat...

OESA-2026-2494 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict check when using hash2 When binding a udpsock to a local address and port, UDP uses two hashes udptable-hash and udptable-hash2 f...

EUVD-2026-32775

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: control built-in cs manually The coreQSPI IP supports only a single chip select, which is automagically operated by the hardware - set low when the transmit buffer first gets written to and set high when...

kernel security update

4.18.0-553.126.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

Interpretation Conflict

Overview @hapi/content is a HTTP Content- headers parsing Affected versions of this package are vulnerable to Interpretation Conflict due to inconsistent handling of duplicate parameters in the Content.disposition and Content.type functions. An attacker can bypass upload filename allowlists or...

Low: python3.14-pip

Issue Overview: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior...

CVE-2026-47076

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...

EUVD-2026-31689

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...

PT-2026-43072

Name of the Vulnerable Software and Affected Versions benoitc hackney versions 0.13.0 through 4.0.0 Description An interpretation conflict allows Server Side Request Forgery SSRF, a flaw where an attacker can induce the server to make requests to an unintended location. The function hackney...

kernel security update

4.18.0-553.125.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

Interpretation Conflict

Overview symfony/html-sanitizer is a Provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. Affected versions of this package are vulnerable to Interpretation Conflict via URL parsing and policy enforcement in UrlSanitizer/UrlAttributeSanitizer...

Oracle Linux 8 : kernel (ELSA-2026-16195)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-16195 advisory. 4.18.0-553.124.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to t...

PT-2026-41970

Summary When Algernon is invoked with a single file path instead of a directory — the documented "quick demo" workflow algernon foo.lua, algernon page.po2, algernon index.html, algernon mywebsite.alg — singleFileMode is set to true and debugMode is forcibly enabled with no opt-out: go //...

SUSE SLES15 Security Update : python310 (SUSE-SU-2026:1947-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1947-1 advisory. This update for python310 fixes the following issues Security issues: - CVE-2026-1502: HTTP client proxy tunnel headers not validat...

Three Heads Are Better Than One: A Multi-Perspective Reasoning Framework for Enhanced Vulnerability Detection

Automated vulnerability detection is crucial for enhancing software security by identifying potential flaws that attackers could exploit, thereby reducing the reliance on labor-intensive manual code audits. Recent advancements have shifted towards leveraging large language models LLMs for...

EUVD-2026-30609

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the toolservers and terminalservers keys in utils/tools.py do use a prefix. When two or more Open WebUI instances share a Redis database a supported and documented deployment pattern...

Malicious code in @pelmnaads/naads-common-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68990dfacdc750bf464d646aca4855c2dd23bbefcadef1d9638e2d663a23fc57 The package is published to the public npm registry under @pelmnaads/naads-common-logger with version 19999.0.1 — the canonical dependency-confusion...

kernel security update

5.14.0-611.55.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

kernel security update

4.18.0-553.124.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...