Security Bulletin: IBM Sterling Secure Proxy is vulnerable to denial-of-service due to Jetty

Summary A security vulnerability in Jetty's ThreadLimitHandler.getRemote can be exploited by unauthorized users to cause remote denial-of-service DoS attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory. IBM Sterling Secure Proxy...

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (April 2026 - Part 1 of 2)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-23949 DESCRIPTION: jaraco.context, an open-source software package that...

Exploit for CVE-2026-31431

CVE-2026-31431 Mitigation for Deckhouse Kubernetes Platform...

Exploit for CVE-2026-31431

CVE-2026-31431 "Copy Fail" — Ansible Mitigation Recipe !C...

Exploit for CVE-2026-31431

copy-fail-go Go port of grenkocahttps://gist.github.com/gr...

Exploit for CVE-2026-31431

copy-fail-fix Per-distro mitigation scripts for CVE-2026-314...

PT-2026-36446

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix soft lockup in mptcp recvmsg syzbot reported a soft lockup in mptcp recvmsg 0. When receiving data with MSG PEEK | MSG WAITALL flags, the skb is not removed from the sk receive queue. This causes sk wait data to always...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the asynchronous algorithm not setting the CRYPTOALGASYNC flag, potentially leading to crashes...

mem0 输入验证错误漏洞

mem0 is an efficient memory algorithm benchmarking tool open-sourced by Mem0. An input validation error vulnerability exists in mem0 1.0.11 and earlier versions, which stems from improper manipulation of the pickle.load/pickle.dump functions in the mem0/vectorstores/faiss.py file, which could lea...

Security Advisory 0136

Security Advisory 0136 PDF Date: May 1, 2026 Revision | Date | Changes ---|---|--- 1.0 | May 1, 2026 | Initial release 1.1 | May 7, 2026 | Additional required configuration for exploitation information added 1.2 | May 11, 2026 | Advisory updated with additional mitigations. The CVE-ID tracking th...

Exploit for CVE-2026-31431

CVE-2026-31431-Copy-Fail---Vulnerability-Detection-Script Dete...

openjdk: Enhance crypto algorithm support (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

Important: Red Hat Security Advisory: OpenJDK 25.0.3 Security Update for Windows Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

Security Bulletin: Vulnerability in Java SE (CVE-2024-29371) affects IBM PowerVM Novalink.

Summary Java SE is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote attacker to cause...

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-14914) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-14914 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip...

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2024-29371) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web...

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2026-29063) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototyp...

Exploit for CVE-2026-41940

cpanel-cve-2026-41940-fix One-shot detection and remediatio...

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to SQL Injection vulnerability in Dashboard UI (CVE-2025-36368)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed SQL Injection vulnerability Vulnerability Details CVEID:CVE-2025-36368 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable to SQL injection. An administrative user could send special...

Gotenberg Vulnerable to Unauthenticated SSRF via Unfiltered Webhook URL

CVE Report — Unauthenticated SSRF via Unfiltered Webhook URL in Gotenberg Severity | Field | Value | |-----------|----------------------------------------| | CVSS v3.1 | 8.6 High | | Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | | CWE | CWE-918 — Server-Side Request Forgery | | Auth | None |...