@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash

Impact An invalid incoming compressed message can cause a client or server process to crash. This affects all clients and servers that use @grpc/grpc-js Patches The following version have fixes for this vulnerability: - 1.9.16 - 1.10.12 - 1.11.4 - 1.12.7 - 1.13.5 - 1.14.4 Workarounds There is no...

PT-2026-48692

Impact An invalid incoming compressed message can cause a client or server process to crash. This affects all clients and servers that use @grpc/grpc-js Patches The following version have fixes for this vulnerability: - 1.9.16 - 1.10.12 - 1.11.4 - 1.12.7 - 1.13.5 - 1.14.4 Workarounds There is no...

TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

Impact TinyMCE 6.8.x contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. Patches This issue affects TinyMCE 6.8.x-7.0.x. The vulnerability is fix...

CVE-2026-34067

nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, HistoryTreeProof::verify panics on a malformed proof where history.len != positions.len due to asserteq!history.len, positions.len. The proof object is derived from untrusted p2...

CVE-2026-41127

BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization that allows viewers to inject/overwrite captions Version 3.0.24 tightened the permissions on who is able to submit captions. No known workarounds are available...

EUVD-2026-34862

Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to 1.0.0.CR3-20260418.124334-32 impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a bug in Network to close the pare...

CVE-2026-45290

Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to 1.0.0.CR3-20260417.085727-30 impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a vulnerability in Network to stal...

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in simple-git

Summary Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in simple-git. CVE-2026-6951 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-6951 DESCRIPTION: Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code...

PT-2026-47012

Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to 1.0.0.CR3-20260418.124334-32 impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a bug in Network to close the pare...

CVE-2026-35049

The CVE-2026-35049 entry affects the wire-ios iOS client. Before version 4.16.0, processing a crafted Proteus external message with an encrypted payload under 16 bytes causes an automatic crash after receipt. The malicious message remains in the conversation and causes a crash loop on relaunch, p...

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-14915) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-14915 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is...

Astra Linux - уязвимость в xrdp

xrdp is an open-source project that provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol RDP. Version 0.9.21 and earlier of xrdp contains a buffer overflow in the devredirprocclientdevlistannouncereq function. There are no known workarounds for this issue. Use...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses xmldom which is vulnerable to CVE-2026-34601

Summary IBM Maximo Application Suite - Visual Inspection component uses xmldom which is vulnerable to CVE-2026-34601, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-34601 DESCRIPTION: xmldom is a pure JavaScript W3C...

Astra Linux – Vulnerability in Squid

Squid is an open-source caching proxy for the web, supporting HTTP, HTTPS, FTP, and other protocols. Due to a bug related to collapsing data into unsafe values, Squid may be vulnerable to Denial of Service attacks involving HTTP header parsing. This issue allows a remote client or server to cause...

Astra Linux – Vulnerability in xrdp

xrdp is an open-source project that provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol RDP. xrdp versions prior to 0.9.21 contain a “Out of Bound Read” vulnerability in the xrdpsecprocessmcsdataCSCORE function. There are no known workarounds for this issue...

Astra Linux – Vulnerability in xrdp

xrdp is an open-source project that provides a graphical login interface for accessing remote machines using the Microsoft Remote Desktop Protocol RDP. Version 0.9.21 and earlier of xrdp contains a buffer overflow in the xrdploginwndcreate function. There are no known solutions to this issue. Use...

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to reflected XSS vulnerability in AFT (CVE-2026-0835)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed reflected XSS vulnerability Vulnerability Details CVEID:CVE-2026-0835 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway is vulnerable to cross-site scripting. This vulnerability allows an...

CVE-2026-34067

nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, HistoryTreeProof::verify panics on a malformed proof where history.len != positions.len due to asserteq!history.len, positions.len. The proof object is derived from untrusted p2...

CVE-2026-34068 nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge

nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is...

CVE-2026-34063

CVE-2026-34063 affects Nimiq’s network-libp2p prior to v1.3.0. The discovery mechanism assumes at most one inbound and one outbound substream per connection; if a remote peer opens the discovery protocol substream a second time, the libp2p ConnectionHandler may panic with “Inbound already connect...