152 matches found
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test management is impacted by vulnerabilities in Eclipse Paho Java client library
Summary: A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Engineering Test management. Vulnerability Details: CVEID: CVE-2019-11777. DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting to an...
EUVD-2026-29903
Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...
EUVD-2026-29907
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity...
CVE-2026-21011
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock...
SUSE-RU-2026:20677-1 Recommended update for open-vm-tools
This update for open-vm-tools fixes the following issues: - update to 13.0.10 based on build 25056151 boo1257357: There are no new features in the open-vm-tools 13.0.10 release. This is primarily a maintenance release that addresses a fix. A minor enhancement has been made for Guest OS...
CakePHP 5.3.2 Released
The CakePHP core team is happy to announce the immediate availability of CakePHP 5.3.2. This is a maintenance release for the 5.3 branch that fixes community reported issues, regressions and a security issue with PaginatorHelper. Bugfixes: You can expect the following change...
PT-2026-5352
Name of the Vulnerable Software and Affected Versions: versions prior to 2026-0010. Description: An issue exists in the onTransact function within IDrmManagerService.cpp that may lead to a local escalation of privilege. This is due to a missing bounds check, potentially resulting in an out-of-bounds...
PT-2026-5349
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-5351
Name of the Vulnerable Software and Affected Versions: Versions affected: versions not specified. Description: A privilege escalation issue exists due to a confused deputy condition. Successful exploitation could lead to local privilege escalation without requiring additional execution privileges or...
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Nimbus JOSE+JWT
Summary: Vulnerabilities have been identified in Nimbus JOSE+JWT, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details: CVEID: CVE-2025-53864. DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to...
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache PDFBox
Summary: Vulnerabilities have been identified in Apache PDFBox, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details: CVEID: CVE-2021-27807. DESCRIPTION: A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apac...
SUSE-SU-2026:20114-1 Security update of open-vm-tools
This update for open-vm-tools fixes the following issues: Update to open-vm-tools 13.0.5 based on build 24915695. boo1250692: Please refer to the Release Notes at https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md. The granular changes that have gone into the open-vm-tools...
Fedora 43 : python3-docs / python3.14 (2025-e235793f10)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-e235793f10 advisory. This is the second maintenance release of Python 3.14. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Fedora: Security Advisory (FEDORA-2025-e235793f10)
The remote host is missing an update for the...
CVE-2025-58480
Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...
PT-2025-48597
Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...
SUSE-SU-2025:20866-1 Security update for open-vm-tools
This update for open-vm-tools fixes the following issues: Update to open-vm-tools 13.0.5 based on build 24915695. bsc1250692: Please refer to the Release Notes at: https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md. The granular changes that have gone into the open-vm-tool...
Security update for open-vm-tools
This update for open-vm-tools fixes the following issues: Update to open-vm-tools 13.0.5 based on build 24915695. bsc1250692: Please refer to the Release Notes at https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md. The granular changes that have gone into the open-vm-tools...
EUVD-2025-33684
Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs...
CVE-2025-21042
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code...