google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.43 security and extras update

Red Hat OpenShift Container Platform release 4.18.43 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.24 security and extras update

Red Hat OpenShift Container Platform release 4.20.24 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a security impact of...

Important: Red Hat Security Advisory: Red Hat Lightspeed (formerly Insights) for Runtimes security update

An update is now available for Red Hat Lightspeed formerly Insights for Runtimes on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.18 security and extras update

Red Hat OpenShift Container Platform release 4.21.18 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a security impact of...

OPENSUSE-SU-2026:20856-1 Security update for shadowsocks-v2ray-plugin

This update for shadowsocks-v2ray-plugin fixes the following issues: Changes in shadowsocks-v2ray-plugin: - Update version to 5.49.0 Update v2ray-core to 5.49.0 Update grpc to 1.81.1 boo1260328 and CVE-2026-33186 - Update version to 5.44.1 Update v2ray-core to v5.44.1 - Update version to 5.41.0...

Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow cumulative fixes May 2026

Summary In addition to updating many operating system level packages, the following security vulnerabilities are addressed with IBM Business Automation Workflow cumulative fixes. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and...

opentelemetry-collector security update

An update is available for opentelemetry-collector. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpri...

Security update for google-guest-agent

This update for google-guest-agent fixes the following issue CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like Ya...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.32 security and extras update

Red Hat OpenShift Container Platform release 4.19.32 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a security impact of...

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

Important: Red Hat Security Advisory: Red Hat build of MicroShift 4.19.32 security update

Red Hat build of MicroShift release 4.19.32 is now available with updates to packages and images that include a security update. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

RHCOS 4 : Red Hat build of MicroShift 4.19.32 (RHSA-2026:20322)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20322 advisory. - google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation...

Linux Distros Unpatched Vulnerability : CVE-2026-48692

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with...

CVE-2026-48692

FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials src/fastnetmon.cpp line 477 and a source code comment explicitly acknowledges 'Listen on the given address without an...

SUSE-SU-2026:21849-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers bsc1236533. - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header...

MAL-2026-4721 Malicious code in weavedb-node-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d174728fc7469b023ece1980797185c35abd74c56e253bc1dc1b295a46a1dbd2 package.json declares "preinstall": "./tools/setup", unconditionally executing a 976KB UPX-packed, stripped Linux x86 ELF on every npm install. The...

SUSE-SU-2026:21756-1 Security update for mcphost

This update for mcphost fixes the following issues - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data Data Amplification in github.com/getkin/kin-openapi/openapi3filter bsc1264762. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client...

SUSE-SU-2026:21827-1 Security update for mcphost

This update for mcphost fixes the following issues - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data Data Amplification in github.com/getkin/kin-openapi/openapi3filter bsc1264762. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client...