146 matches found

IBM Security Bulletins
added 5 days ago, 3 views

Security Bulletin: IBM Automation Decision Services for May 2026 - Multiple CVEs addressed

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Automation Decision Services. See full list below. Vulnerability Details CVEID:CVE-2025-46295 DESCRIPTION: Apache Commons Text versions prior to 1.10.0 included...

CVSS 9.8 | AI score 6.1 | EPSS 0.94251
Exploits 42 | Affected Software 1

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in linux, linux-5.10

A flaw was discovered in the OverlayFS subsystem of the Linux kernel, regarding the way users mount the TmpFS filesystem using OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible...

CVSS 5.5 | AI score 6.6 | EPSS 0.00023
Exploits 0 | References 2

SUSE CVE
added 2026/04/11 9:26 a.m., 2 views

SUSE CVE-2026-5704

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

CVSS 5 | AI score 5.8 | EPSS 0.00038
Exploits 1 | References 3

Packet Storm News
added 2026/04/10 12:00 a.m., 2 views

DSpace 5.x / 6.x Full Repository Extractor

This Python script is an automated extraction tool targeting a DSpace-based repository. It leverages an open Solr search query to enumerate repository item handles, then audits each item to discover and download associated bitstream files, typically PDFs. The script also attempts sequence-based...

AI score 5.8
Exploits 0

EUVD
added 2026/04/06 6:33 p.m., 0 views

EUVD-2026-19317

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

CVSS 5 | AI score 5.9 | EPSS 0.00038
Exploits 1 | References 3

UbuntuCve
added 2026/04/06 4:16 p.m., 1 views

CVE-2026-5704

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

CVSS 5.5 | AI score 5.9 | EPSS 0.00038
Exploits 1 | References 2

Debian CVE
added 2026/04/06 3:17 p.m., 2 views

CVE-2026-5704

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

CVSS 5.5 | AI score 5.5 | EPSS 0.00038
Exploits 1

Positive Technologies
added 2026/04/06 12:00 a.m., 0 views

PT-2026-30666

Name of the Vulnerable Software and Affected Versions GNU tar affected versions not specified Description A flaw exists in GNU tar that allows a remote attacker to craft a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction...

CVSS 5.5 | AI score 5.8 | EPSS 0.00038
Exploits 1 | References 18

IBM Security Bulletins
added 2026/03/04 3:44 p.m., 6 views

Security Bulletin: IBM Event Processing is vulnerable to unauthorized access to hidden files and stored cross-site scripting (XSS) (CVE-2025-11965, CVE-2025-11966)

Summary IBM Event Processing is vulnerable to unauthorized access to hidden files and stored cross-site scripting (XSS) when using Eclipse Vert.x. Vulnerability Details CVEID:CVE-2025-11965 DESCRIPTION: In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for...

CVSS 7.5 | AI score 5.8 | EPSS 0.00051
Exploits 1 | Affected Software 1

VulnCheck KEV
added 2026/02/11 12:00 a.m., 5 views

VulnCheck KEV: CVE-2020-19363

Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories...

CVSS 6.5 | AI score 5.8 | EPSS 0.04068
In wild | Exploits 1 | References 2

Tenable Nessus
added 2026/01/26 12:00 a.m., 6 views

openSUSE 16 Security Update : busybox (openSUSE-SU-2026:20090-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20090-1 advisory. Security fixes: - CVE-2025-60876: HTTP request header injection in wget (bsc#1253245). - CVE-2025-46394: Fixed tar hidden files via escape sequence...

CVSS 6.5 | AI score 6 | EPSS 0.00069
Exploits 1 | References 8

Tenable Nessus
added 2026/01/24 12:00 a.m., 2 views

SUSE SLES15 / openSUSE 15 Security Update : busybox (SUSE-SU-2026:0236-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0236-1 advisory. This update for busybox fixes the following issues: Security issues: - CVE-2025-46394: Fixed tar hidden files via...

CVSS 6.5 | AI score 5.7 | EPSS 0.00069
Exploits 1 | References 10

OSV
added 2026/01/22 4:45 p.m., 1 views

OPENSUSE-SU-2026:20090-1 Security update for busybox

This update for busybox fixes the following issues: Security fixes: - CVE-2025-60876: HTTP request header injection in wget (bsc#1253245). - CVE-2025-46394: Fixed tar hidden files via escape sequence (bsc#1241661). Other fixes: - Set CONFIG_FIRST_SYSTEM_ID to 201 to avoid conflict (bsc#1236670) - Fix unshar...

CVSS 6.5 | AI score 7.1 | EPSS 0.00069
Exploits 1 | References 6

SUSE Linux
added 2026/01/22 12:25 p.m., 4 views

Security update for busybox

This update for busybox fixes the following issues: Security issues: CVE-2025-46394: Fixed tar hidden files via escape sequence (CVE-2025-46394, bsc#1241661) CVE-2025-60876: Fixed HTTP request header injection in wget (CVE-2025-60876, bsc#1253245) Oth...

CVSS 8.8 | AI score 5.6 | EPSS 0.00069
Exploits 1 | References 14

OSV
added 2026/01/22 12:25 p.m., 3 views

SUSE-SU-2026:0236-1 Security update for busybox

This update for busybox fixes the following issues: Security issues: - CVE-2025-46394: Fixed tar hidden files via escape sequence (CVE-2025-46394, bsc#1241661) - CVE-2025-60876: Fixed HTTP request header injection in wget (CVE-2025-60876, bsc#1253245)...

CVSS 6.5 | AI score 7.1 | EPSS 0.00069
Exploits 1 | References 8

SUSE Linux
added 2026/01/22 12:25 p.m., 2 views

Security update for busybox

This update for busybox fixes the following issues: Security issues: CVE-2025-46394: Fixed tar hidden files via escape sequence (CVE-2025-46394, bsc#1241661) CVE-2025-60876: Fixed HTTP request header injection in wget (CVE-2025-60876, bsc#1253245) Other issues: Set CONFIG_FIRST_SYSTEM_ID to 201 to avoid...

CVSS 8.8 | AI score 5.6 | EPSS 0.00069
Exploits 1 | References 12

OSV
added 2026/01/22 12:25 p.m., 0 views

SUSE-SU-2026:0235-1 Security update for busybox

This update for busybox fixes the following issues: Security issues: - CVE-2025-46394: Fixed tar hidden files via escape sequence (CVE-2025-46394, bsc#1241661) - CVE-2025-60876: Fixed HTTP request header injection in wget (CVE-2025-60876, bsc#1253245) Other issues: - Set CONFIG_FIRST_SYSTEM_ID to 201 to...

CVSS 6.5 | AI score 7.1 | EPSS 0.00069
Exploits 1 | References 7

Tenable Nessus
added 2026/01/19 12:00 a.m., 5 views

MiracleLinux 7 : subversion-1.7.14-14.el7 (AXEA:2018-2733:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXEA:2018-2733:01 advisory. - mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access,...

CVSS 5 | AI score 5.6 | EPSS 0.17005
Exploits 0 | References 2

Tenable Nessus
added 2026/01/14 12:00 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001494)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001494 advisory. A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain acce...

CVSS 5.5 | AI score 6.4 | EPSS 0.00023
Exploits 0 | References 4

Rosalinux
added 2025/12/02 1:16 p.m., 4 views

Advisory ROSA-SA-2025-3080

Software: aide 0.15.1 OS: rosa-server79 unaffected versions = aide-0.15.1-13.0.3.res7.1 affected versions aide-0.15.1-13.0.3.res7.1 CVE-ID: CVE-2025-54389 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in AIDE before version 0.19.2: Special characters in filenames and symbolic links are...

CVSS 6.2 | AI score 6.7 | EPSS 0.00071
Exploits 1