125172 matches found
Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2025-61726 DESCRIPTION: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally...
GHSA-GJ84-924C-48FX Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
Summary The SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort"", ":5553" resolves to ":5553" — a Go http.Server.Addr of ":5553" listens on every interface. On...
Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
Summary The SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort"", ":5553" resolves to ":5553" — a Go http.Server.Addr of ":5553" listens on every interface. On...
GHSA-7WX4-6VFF-V64P Diffusers: TOCTOU Trust Remote Code Bypass
Background This vulnerability is found in the diffusers package - the transformers-equivalent library for diffusion models. It is found in the DiffusionPipeline.frompretrained flow, which is used to load a pipeline from the HuggingFace Hub. This function has a trustremotecode guard: if the...
Diffusers: TOCTOU Trust Remote Code Bypass
Background This vulnerability is found in the diffusers package - the transformers-equivalent library for diffusion models. It is found in the DiffusionPipeline.frompretrained flow, which is used to load a pipeline from the HuggingFace Hub. This function has a trustremotecode guard: if the...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2026 - Includes Oracle April 2026 CPU for Rational Software Architect Designer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition,Versions 8 and Java 17 that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues were disclosed as part of the IBM SDK, Java Technology Edition...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in Axios
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in Axios. CVE-2025-62718 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.j...
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus
Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus probes and/or gateways have been addressed. Vulnerability Details CVEID:CVE-2026-21933 DESCRIPTION: Java SE could allow a remote attacker to bypass security controls and...
OSEC-2026-07 TLS-server does insufficient client certificate checks (missing KeyUsage and ExtendedKeyUsage validation)
The TLS server implementation does not validate the KeyUsage and ExtendedKeyUsage extensions of client certificates when mutually authenticated TLS is requested. This can lead to impersonation with a certificate issued to a server. Scenario An operations engineer enables mTLS on the admin endpoin...
Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway
Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-44288 DESCRIPTION: protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
CVE-2026-5946
Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN — for example, CHAOS or HESIOD, or DNS messages that specify meta-classes ANY or NONE in the question section. Specially crafted requests reaching the affected code paths — recursio...
DEBIAN-CVE-2026-5946
Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN — for example, CHAOS or HESIOD, or DNS messages that specify meta-classes ANY or NONE in the question section. Specially crafted requests reaching the affected code paths — recursio...
ALPINE-CVE-2026-5946
Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN — for example, CHAOS or HESIOD, or DNS messages that specify meta-classes ANY or NONE in the question section. Specially crafted requests reaching the affected code paths — recursio...
CVE-2026-5946
Summary of CVE-2026-5946 (CVE entry for named in BIND) : The issue involves the DNS message handling in the BIND 9 recursive resolver (named) when processing DNS classes other than IN (e.g., CHAOS/HESIOD) or non-IN data in questions. According to the sources, specially crafted requests reaching c...
CVE-2026-5946 Invalid handling of CLASS != IN
Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN — for example, CHAOS or HESIOD, or DNS messages that specify meta-classes ANY or NONE in the question section. Specially crafted requests reaching the affected code paths — recursio...
EUVD-2026-31107
Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN — for example, CHAOS or HESIOD, or DNS messages that specify meta-classes ANY or NONE in the question section. Specially crafted requests reaching the affected code paths — recursio...
CVE-2026-5946
Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN — for example, CHAOS or HESIOD, or DNS messages that specify meta-classes ANY or NONE in the question section. Specially crafted requests reaching the affected code paths — recursio...
CVE-2026-5946
Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN — for example, CHAOS or HESIOD, or DNS messages that specify meta-classes ANY or NONE in the question section. Specially crafted requests reaching the affected code paths — recursio...
CVE-2026-5946 Invalid handling of CLASS != IN
Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN — for example, CHAOS or HESIOD, or DNS messages that specify meta-classes ANY or NONE in the question section. Specially crafted requests reaching the affected code paths — recursio...