Anchor: `InterfaceAccount` allows account substitution between unexpected types

Impact Any uses of InterfaceAccount allows another unexpected account type to be passed, after https://github.com/solana-foundation/anchor/pull/3837 disabled discriminator checking for this type. The bug was originally reported and fixed in https://github.com/solana-foundation/anchor/pull/4139, s...

Security Bulletin: Vulnerability in Axios affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Axios has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

[SECURITY] Fedora 43 Update: insight-18.0.50.20260306-3.fc43

Insight is a tight graphical user interface to GDB written in Tcl/Tk. It provides a comprehensive interface that enables users to harness most of GDB's power. It's also probably the only up-to-date UI for the latest GDB version...

CVE-2026-22618

A security misconfiguration was identified in Eaton Intelligent Power Protector IPP, where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available...

PT-2026-28789

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms image proxy endpoint accepts a user-supplied img parameter and forwards it to Plex Media Server's /photo/:/ transcode transcoder without authentication and without restricting the sche...

GHSA-MVM6-F9R3-FGFX AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction

Summary This notification is related to the CloudFront signing utilities in the AWS SDK for .NET, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...

Important: Red Hat Security Advisory: Red Hat Ceph Storage

A new version of Red Hat build of Ceph Storage has been released The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 8.1. This release updates to the latest version...

CVE-2026-22614

The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has bee...

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-8885 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All...

Important: Red Hat Security Advisory: Red Hat Ceph Storage

A new version of Red Hat build of Ceph Storage has been released The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 8.1. This release updates to the latest version...

CVE-2025-54756

BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest release fixes this issue for new installations; users of old installations are encouraged to change all...

PT-2026-7862

Name of the Vulnerable Software and Affected Versions BrightSign players versions prior to 8.5.53.1 series 4 BrightSign players versions prior to 9.0.166 series 5 Description BrightSign players utilize a default password that can be easily guessed if device information is known. This allows...

Security Bulletin: NVIDIA Triton Inference Server - December 2025

NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide. Go to NVIDIA...

PT-2025-44522

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R2 Description Nagios XI versions prior to 2024R2 have a command injection issue in the WinRM plugin. A lack of proper validation of user-supplied parameters allows an authenticated administrator to inject shell...

Malware Injection

prebid-universal-creative is vulnerable to malware injection. The vulnerability is due to the inclusion of crypto-related malicious code and the latest release, which allows an attacker to execute unauthorized cryptocurrency-related operations on affected systems...

Security Bulletin: NVIDIA CUDA Toolkit - September 2025

NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install the latest release from the CUDA Toolkit Downloads page. Go to NVIDIA Product Security...

Medium: cuda-compiler-12-9

Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this...

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

RUSTSEC-2025-0014 humantime is unmaintained

Latest humantime crates.io release is four years old and GitHub repository has not seen commits in four years. Question about maintenance status has not gotten any reaction from maintainer: https://github.com/tailhook/humantime/issues/31 Update: maintained again The maintainer has responded and...

Versions of *ring* prior to 0.17 are unmaintained.

ring 0.16.20 was released over 4 years ago and isn't maintained, tested, etc. Additionally, the project's general policy is to only patch the latest release, which is 0.17.12 now. It will be difficult for anybody to backport future fixes to versions earlier than 0.17.10 due to license changes...