[SECURITY] Fedora 43 Update: tbtools-0.7.0-2.fc43

This is a collection of tools for Linux Thunderbolt/USB4 development, debuggi ng and validation but may be useful to others as well...

This Week in Spring - February 10th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's February 10th, 2026, as I write this from lovely London, UK. I spoke at the local Java User Group here last night, had a wonderful time. Tomorrow, I'm going home. It's been fun, but it's time to conclude this roller...

SUSE: Security Advisory (SUSE-SU-2026:20218-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MiracleLinux 9 : java-25-openjdk-25.0.2.0.10-1.el9.ML.1 (AXSA:2026-154:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-154:04 advisory. JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945...

CVE-2025-64175

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim’s username and password, they can use any unused recovery code e.g., from their own account to...

SUSE SLES16 Security Update : dpdk (SUSE-SU-2026:20218-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:20218-1 advisory. Update to version 24.11.4. Security issues fixed: - CVE-2025-23259: issue in the Poll Mode Driver PMD allows an attacker on a VM in the...

CVE-2026-23623 Collabora Online vulnerable to Authorization Bypass

Collabora Online is a collaborative online office suite based on LibreOffice technology. Prior to Collabora Online Development Edition version 25.04.08.2 and prior to Collabora Online versions 23.05.20.1, 24.04.17.3, and 25.04.7.5, a user with view-only rights and no download privileges can obtai...

PT-2026-6642

Name of the Vulnerable Software and Affected Versions Collabora Online versions prior to 23.05.20.1 Collabora Online versions prior to 24.04.17.3 Collabora Online versions prior to 25.04.7.5 Collabora Online Development Edition versions prior to 25.04.08.2 Description Collabora Online is a...

Amazon Linux 2023 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2023-2026-1386)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1386 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE...

Ofensive-security

This repository contains my Offensive Cyber Security / Penetrati...

iccDEV 缓冲区错误漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.3 contained a buffer error vulnerability. This vulnerability stemmed from a heap buffer overflow in the CIccFileIO::Read8 function, which could lead to memo...

Microsoft SDL: Evolving security practices for an AI-powered world

As AI reshapes the world, organizations encounter unprecedented risks, and security leaders take on new responsibilities. Microsoft’s Secure Development Lifecycle SDL is expanding to address AI-specific security concerns in addition to the traditional software security areas that it has...

Microsoft SDL: Evolving security practices for an AI-powered world

As AI reshapes the world, organizations encounter unprecedented risks, and security leaders take on new responsibilities. Microsoft’s Secure Development Lifecycle SDL is expanding to address AI-specific security concerns in addition to the traditional software security areas that it has...

security-review-skill

Security Review Skill for Claude Code A comprehensive securit...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Airplay_Audio_Software_Development_Kit

LiberationPlay-CVE-2025-24...

MiracleLinux 9 : java-1.8.0-openjdk-1.8.0.482.b08-1.el9.ML.1 (AXSA:2026-130:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-130:04 advisory. JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945...

CVE-2026-1777

The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output...

Improper Access Control

Kottster is vulnerable to Improper Access Control. The vulnerability is due to insecure handling of development-mode functionality, which allows an unauthenticated attacker to execute arbitrary code on the server when the application is running in development mode...

PT-2026-5709

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

Exploit_Development

Ex...