60 matches found
Description of the security update for SharePoint Server 2019 Language Pack: May 12, 2026 (KB5002872)
Description of the security update for SharePoint Server 2019 Language Pack: May 12, 2026 KB5002872 Summary Important: If you're running 2013-type workflows, you must install the August 2025 update for SharePoint Workflow Manager to your farm before you install this cumulative update. If...
GHSA-RH99-WC69-C255 Contrast Affected by CopyFile Policy Subversion via Symlinks
Impact The Kata agent policies generated by the Contrast CLI had an issue in the CopyFile verification, which allowed arbitrary writes to the guest root filesystem. A malicious process on the host with the capability to connect to the Kata agent VSOCK could connect to the agent and issue a series ...
Contrast Affected by CopyFile Policy Subversion via Symlinks
Impact The Kata agent policies generated by the Contrast CLI had an issue in the CopyFile verification, which allowed arbitrary writes to the guest root filesystem. A malicious process on the host with the capability to connect to the Kata agent VSOCK could connect to the agent and issue a series ...
GO-2026-4863 Contrast BadAML injection allows arbitrary code execution in github.com/edgelesssys/contrast
Contrast BadAML injection allows arbitrary code execution in github.com/edgelesssys/contrast...
PT-2026-29926
Contrast BadAML injection allows arbitrary code execution in github.com/edgelesssys/contrast...
GHSA-G9WW-X58F-9G6M Contrast BadAML injection allows arbitrary code execution
BadAML BadAML is an AML injection attack that exploits the ACPI interface and allows arbitrary code execution in a confidential VM. The attack was first published in 2024: - - Impact An attacker with control over the host, which is assumed in the attacker model of Contrast, can execute malicious AM...
MiracleLinux 4 : spice-gtk-0.20-11.AXS4 (AXSA:2014-014:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-014:01 advisory. Client libraries for SPICE desktop servers. Security issues fixed with this release: CVE-2013-4324 spice-gtk 0.14, and possibly other versions, invokes the...
Friday Squid Blogging: Squid Camouflage
New research: Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both predators and prey. Most studies have focused on benthic species of octopus and cuttlefish, while studies on squid focused mainly on the...
GO-2025-4078 Contrast has insecure LUKS2 persistent storage partitions may be opened and used in github.com/edgelesssys/contrast
Contrast has insecure LUKS2 persistent storage partitions may be opened and used in github.com/edgelesssys/contrast...
EUVD-2025-36551
Contrast has insecure LUKS2 persistent storage partitions may be opened and used...
Files or Directories Accessible to External Parties
Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the secure persistent volume feature. An attacker can access confidential data stored in persistent volumes by providing a crafted LUKS2 volume with a null key-encryption algorithm...
GHSA-F5P4-P5Q5-JV3H Contrast has insecure LUKS2 persistent storage partitions may be opened and used
Summary A malicious host may provide a crafted LUKS2 volume to a Contrast pod VM that uses the secure persistent volume feature. The guest will open the volume and write secret data using a volume key known to the attacker. LUKS2 volume metadata is (a) not authenticated and (b) supports null...
EUVD-2013-6282
Malware in sbrugna...
EUVD-2022-7109
Malicious code in bioql PyPI...
EUVD-2025-29502
Malicious code in bioql PyPI...
EUVD-2025-29522
Malicious code in bioql PyPI...
GO-2025-3920 Contrast leaks workload secrets to logs on INFO level in github.com/edgelesssys/contrast
Contrast leaks workload secrets to logs on INFO level in github.com/edgelesssys/contrast...
PT-2025-36645
Contrast leaks workload secrets to logs on INFO level in github.com/edgelesssys/contrast...
GHSA-VXG3-W9RV-RHR2 Contrast leaks workload secrets to logs on INFO level
This is the same vulnerability as https://github.com/edgelesssys/contrast/security/advisories/GHSA-h5f8-crrq-4pw8. The original vulnerability had been fixed for release v1.8.1, but the fix was not ported to the main branch and thus not present in releases v1.9.0 ff. Below is a brief repetition of...
GO-2025-3807 Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points in github.com/edgelesssys/contrast
Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points in github.com/edgelesssys/contrast...