
126119 matches found

IBM Security Bulletins
added 2026/04/28 2:50 p.m., 4 views

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the _.unset and _.omit functions. The fix for CVE-2025-1346...

CVSS 9.9, AI score 6.6, EPSS 0.01075
Exploits: 6, Affected Software: 1
IBM Security Bulletins
added 2026/04/28 2:14 p.m., 5 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jetty-http (CVE-2025-11143)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-11143 reported for jetty-http-12.0.25.jar. Vulnerability Details CVEID:CVE-2025-11143 DESCRIPTION: The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differentia...

CVSS 6.5, AI score 7.7, EPSS 0.00159
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2026/04/28 1:50 p.m., 5 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in minimatch

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in minimatch. CVE-2026-26996 The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting gl...

CVSS 8.7, AI score 7.3, EPSS 0.00519
Exploits: 1, Affected Software: 2
IBM Security Bulletins
added 2026/04/28 1:6 p.m., 11 views

Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2026-33151 DESCRIPTION: Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prio...

CVSS 9.8, AI score 7.4, EPSS 0.00611
Exploits: 2, Affected Software: 1
IBM Security Bulletins
added 2026/04/28 1:3 p.m., 2 views

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Application Modernization Accelerator. Vulnerability Details CVEID: CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, an...

CVSS 9.8, AI score 8.9, EPSS 0.00611
Exploits: 1, Affected Software: 1
SUSE Linux
added 2026/04/28 11:10 a.m., 6 views

Security update for bouncycastle

This update for bouncycastle fixes the following issues: Update to version 1.84. Security issues fixed: CVE-2025-14813: GOSTCTR implementation unable to process more than 255 blocks correctly bsc1262225. CVE-2026-0636: LDAP injection in LDAPStoreHelper.java leads to information disclosure...

CVSS 8.8, AI score 5.7, EPSS 0.00512
Exploits: 0, References: 20
OSV
added 2026/04/28 11:10 a.m., 8 views

SUSE-SU-2026:1639-1 Security update for bouncycastle

This update for bouncycastle fixes the following issues: Update to version 1.84. Security issues fixed: - CVE-2025-14813: GOSTCTR implementation unable to process more than 255 blocks correctly bsc1262225. - CVE-2026-0636: LDAP injection in LDAPStoreHelper.java leads to information disclosure...

CVSS 9.9, AI score 5.5, EPSS 0.00512
Exploits: 0, References: 11
IBM Security Bulletins
added 2026/04/28 10:42 a.m., 6 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that...

CVSS 7.5, AI score 5.9, EPSS 0.00547
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2026/04/28 7:11 a.m., 4 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses torch-2.8.0-cp310-none-macosx_11_0_arm64.whl which is vulnerable to CVE-2026-24747

Summary IBM Maximo Application Suite - Visual Inspection component uses torch-2.8.0-cp310-none-macosx_11_0_arm64.whl which is vulnerable to CVE-2026-24747. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID: CVE-2026-24747 DESCRIPTION:...

CVSS 8.8, AI score 5.8, EPSS 0.00625
Exploits: 1, Affected Software: 1
Rockylinux
added 2026/04/28 12:3 a.m., 9 views

java-21-openjdk security update

An update is available for java-21-openjdk. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environme...

CVSS 7.5, AI score 5.5, EPSS 0.00358
Exploits: 0
OSV
added 2026/04/28 12:3 a.m., 17 views

RLSA-2026:9689 Important: java-21-openjdk security update

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux CVE-2026-22016 JDK:...

CVSS 7.5, AI score 7.7, EPSS 0.00358
Exploits: 0, References: 9
Tenable Nessus
added 2026/04/28 12:0 a.m., 5 views

RockyLinux 9 : java-21-openjdk (RLSA-2026:9689)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:9689 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux CVE-2026-22016...

CVSS 7.5, AI score 7.9, EPSS 0.00358
Exploits: 0, References: 17
Tenable Nessus
added 2026/04/28 12:0 a.m., 10 views

Juniper Junos OS Multiple Vulnerabilities (JSA82974)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA82974 advisory. - Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64...

CVSS 7.8, AI score 7.8, EPSS 0.59501
Exploits: 0, References: 18
IBM Security Bulletins
added 2026/04/27 10:22 p.m., 6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz Vulnerability Details CVEID:CVE-2026-23745 DESCRIPTION: node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is fals...

CVSS 8.2, AI score 5.9, EPSS 0.00308
Exploits: 2, Affected Software: 1
IBM Security Bulletins
added 2026/04/27 8:56 p.m., 5 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression denial of service (ReDoS) due to the transformers package (CVE-2025-2099)

Summary The transformers package is used by DataStage on Cloud Pak for Data as part of machine learning processing. Vulnerability Details CVEID: CVE-2025-2099 DESCRIPTION: A vulnerability in the preprocess_string function of the transformers.testing_utils module in huggingface/transformers version...

CVSS 7.5, AI score 5.5, EPSS 0.00507
Exploits: 1, Affected Software: 1
GithubExploit
added 2026/04/27 7:48 p.m., 130 views

Exploit for Improper Access Control in Nodejs Node.Js

CVE-2026-21636 - Node.js Permission Model UDS/Network Bypass...

CVSS 10, AI score 6.6, EPSS 0.00663
Exploits: 1
OSV
added 2026/04/27 6:33 p.m., 9 views

JLSEC-2026-219 Null pointer dereference in openssl-src

Server or client applications that call the SSL_check_chain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm i...

CVSS 7.5, AI score 6.2, EPSS 0.53336
Exploits: 2, References: 42
OSV
added 2026/04/27 6:33 p.m., 8 views

JLSEC-2026-238 Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a...

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...

CVSS 5.9, AI score 6.7, EPSS 0.00953
Exploits: 0, References: 7
OSV
added 2026/04/27 6:33 p.m., 10 views

JLSEC-2026-275

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

CVSS 7.5, AI score 5.3, EPSS 0.00805
Exploits: 0, References: 6
OSV
added 2026/04/27 6:33 p.m., 7 views

JLSEC-2026-267 Issue summary: A timing side-channel which could potentially allow remote recovery of the private...

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...

CVSS 6.5, AI score 8, EPSS 0.02234
Exploits: 0, References: 8