Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow
Summary: WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...
Exploit for CVE-2026-46243
CIFSwitch Checker - CVE-2026-46243 Checker para Linux que p...
bastion-waf-simulator
BASTION — Web Application Firewall Simulator A real-time We...
web-vulnerabilities-labs
Web Vulnerabilities Labs Technical notes from web labs...
Vulnerabilities found in Microsoft Windows
Microsoft has published measures to address a vulnerability in Windows operating systems that could allow malicious individuals to access data encrypted via BitLocker. The vulnerability involves bypassing a security feature in Windows, known as “YellowKey”. A proof of concept is available that...
Astra Linux - vulnerability in linux
An issue was discovered in the Linux kernel through version 5.11.x. The kernel/bpf/verifier.c file contains unwanted out-of-bounds speculation during pointer arithmetic operations, which allows for side-channel attacks that circumvent Spectre mitigations and extract sensitive information from kern...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: x86/srso: Added SRSO mitigation for Hygon processors. Added mitigation for the speculative return stack overflow vulnerability, which also exists on Hygon processors...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand. Robert Gill reported the following issue in 32-bit mode when the dosemu software executed the vm86 system call: General protection fault: 0000 1 PREEMPT SMP CPU: 4 PID: 4610...
Fedora 43 : kernel (2026-3f85a4eba7)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3f85a4eba7 advisory. The 7.0.9-104/204 kernels contain a fix for a SKBFL_SHARED_FRAG page-cache corruption vulnerability as well as some mitigations for PinTheft. Tenable has...
Fedora 44 : kernel (2026-57965ac9f7)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-57965ac9f7 advisory. The 7.0.9-104/204 kernels contain a fix for a SKBFL_SHARED_FRAG page-cache corruption vulnerability as well as some mitigations for PinTheft. Tenable has...
CVE-2026-7860
CVE-2026-7860 describes an information-disclosure risk in Vaadin build tools: Vaadin Maven/Gradle plugins can print the full set of environment variables to build logs when a frontend build fails (non-zero exit). This can expose credentials/secrets in CI logs and artifacts. Affected ranges and fi...
Fedora 44 : kernel (2026-346fbec5d5)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-346fbec5d5 advisory. The 7.0.9-102/202 stable kernel builds contain additional mitigations for new code paths in fragnesia, and a couple of other security updates without fancy...
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One weak dependency c...
CVE-2026-26062 Fleet server may terminate unexpectedly when handling certain gRPC requests
Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to...
Exploit for CVE-2017-0144
💀 EternalBlue MS17-010 Exploitation Research Controlled r...
CVE-2026-44167
phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52...
Five Attacks on X402 Agentic Payment Protocol
The x402 protocol revives the HTTP 402 Payment Required status code to enable web-native micropayments across APIs, content, and agents. It combines synchronous HTTP authorization with asynchronous blockchain settlement and introduces a cross-layer attack surface absent from conventional web and...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in picomatch-2.3.1.tgz
Summary: IBM Watson Discovery Cartridge affected by vulnerabilities in picomatch-2.3.1.tgz. Vulnerability Details: CVEID: CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS)...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
CVE-2026-31431 — "Copy Fail" Safe Detection Script A read-o...
Duplicate Advisory: Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-8mp2-v27r-99xp. This link is maintained to preserve external references. Original Description: Summary: Denial-of-Service (DoS) vulnerability in the Mistune Markdown parser. The issue occurs when processing speciall...