CVE-2025-13491

CVE-2025-13491 affects IBM App Connect Enterprise Certified Container. Affected: CD up to 12.19.0 and 12.0 LTS. Root cause: untrusted search path that could allow an attacker to access sensitive files or modify configurations; impact described as confidentiality/integrity concerns with low severi...

CVE-2025-13491 IBM App Connect Enterprise Certified Container Information Disclosure

IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to remote code execution (CVE-2026-21226)

Summary Python module azure-core is present in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to remote code executiuon. This bulletin provides patch information to address the...

SUSE CVE-2026-23093

In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbd: fix dmaunmapsg nents The dmaunmapsg functions should be called with the same nents as the dmamapsg, not the value the map function returned...

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from a lack of boundary checks in the vpummap function of vpuioctl. This vulnerability may lead to arbitrary memory mapping, potentially...

CVE-2026-23097

In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering for hugetlb file folios Syzbot has found a deadlock analyzed by Lance Yang: 1 Task 5749: Holds foliolock, then tries to acquire immaprwsemread lock. 2 Task 5754: Holds immaprwsemwrite lock, then tri...

CVE-2026-23097

In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering for hugetlb file folios Syzbot has found a deadlock analyzed by Lance Yang: 1 Task 5749: Holds foliolock, then tries to acquire immaprwsemread lock. 2 Task 5754: Holds immaprwsemwrite lock, then tri...

CVE-2026-23109 fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes()

In the Linux kernel, the following vulnerability has been resolved: fs/writeback: skip ASNODATAINTEGRITY mappings in waitsbinodes Above the while loop in waitsbinodes, we document that we must wait for all pages under writeback for data integrity. Consequently, if a mapping, like fuse,...

CVE-2026-23093 ksmbd: smbd: fix dma_unmap_sg() nents

In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbd: fix dmaunmapsg nents The dmaunmapsg functions should be called with the same nents as the dmamapsg, not the value the map function returned...

kernel: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping

A flaw was found in the Linux kernel’s ASoC Intel bytcrrt5640 driver. When an invalid value is passed via the driver’s “quirk” input option, the driver merely logs an error and retains the invalid value, rather than correcting it. This can result in out-of-bounds OOB memory access...

Ofensive-security-Portfolio

This repository contains my Offensive Cyber Security / Penetrati...

Ofensive-security

This repository contains my Offensive Cyber Security / Penetrati...

Malicious code in json-mapping-source (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 093c061d05775b657e0d7cd8c3473c81e17667c9f400d38dd2e95db3541bc622 The package json-mapping-source was found to contain malicious code. Source: ghsa-malware...

MAL-2026-725 Malicious code in json-mapping-source (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 093c061d05775b657e0d7cd8c3473c81e17667c9f400d38dd2e95db3541bc622 The package json-mapping-source was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview json-mapping-source is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

PT-2026-6005

Name of the Vulnerable Software and Affected Versions Android VPU driver versions prior to the February 2026 security patch Description The issue resides within the vpu ioctl function, specifically in the vpu mmap component. A missing bounds check allows for a potential arbitrary address mapping...

CVE-2025-47397

Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors...

RLSA-2026:1148 Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Bluetooth: hcievent: call disconnect callback before deleting conn CVE-2023-53673 kernel: ASoC: Intel: bytcrrt5640: Fix invalid...

RLSA-2026:1142 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Bluetooth: hcievent: call disconnect callback before deleting conn CVE-2023-53673 kernel: ASoC: Intel: bytcrrt5640: Fix invalid quirk input mapping CVE-2025-40154 kernel: Linux kernel:...

This Week in Spring - February 3rd, 2026

Hi, Spring fans! This week I'm in northern Europe. I went on the Vaadin cruise from Finland to Sweden, gave a talk on a boat, then arrived in Stockholm in time for the amazing JFokus 2026 event where I had the privilege yesterday of doing a deep dive with my pal James Ward on Spring AI and agenti...