Security Bulletin: Vulnerabilities in libpng affects IBM Netezza Appliance

Summary The libpng package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEsCVE-2025-64720, CVE-2025-65018, CVE-2025-66293 Vulnerability Details CVEID:CVE-2025-64720 DESCRIPTION: LIBPNG is a reference library for use in applications that read, create, and...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the path-to-regexp library

Summary Due to use of the path-to-regexp library, DevOps Test Performance and Rational Performance Tester contain a potential Regular Expression Denial of Service ReDoS vulnerability. Vulnerability Details CVEID:CVE-2026-4923 DESCRIPTION: Impact: When using multiple wildcards, combined with at...

Security Bulletin: Vulnerability in setuptools affects IBM Netezza Appliance

Summary The setuptools package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-47273 Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python...

Attacking the MCP Trust Boundary

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol MCP, the fast-growing standard for connecting AI agents to external services, inherits that gap...

K000160944: Axios NPM supply chain attack MAL-2026-2306 GHSA-fw8c-xr5c-95f9

Security Advisory Description Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer ma...

CVE-2026-31431

A flaw was found in the Linux kernel's algifaead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...

Security Bulletin: Due to use angular-1.8.2.min.js , IBM webMethods Integration Server is affected by multiple vulnerabilities.

Summary Multiple vulnerabilities were addressed in IBM webMethods Integration Server by upgrading the version of the Angular framework. Vulnerability Details CVEID:CVE-2025-0716 DESCRIPTION: Improper sanitization of the value of the 'href' and 'xlink:href' attributes in 'image' SVG elements in...

Exploit for CVE-2026-26903

CVE-2026-26903 PoC Denial-of-service via unbounded recursio...

PT-2026-34527

Summary The extractall function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.data filter is unavailable. Considering only Python versions which are still supported by Poetry, these are 3.10.0 - 3.10.12 and 3.11.0...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a memory leak during the reset of the work queue in dmaengine idxd. This vulnerability may cause...

Important: java-25-openjdk security update

The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environment and the OpenJDK 25 Java Software Development Kit. Security Fixes: JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improved Arena allocations CVE-2026-22008 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK:...

PT-2026-36652

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description The built-in SSH server uses default configurations that advertise weak or broken key exchange, MAC, and host key algorithms. Specifically, the server supports the ecdh-sha2-nistp256,...

📄 WordPress Highlight and Share 5.2.0 Missing Authentication

WordPress Highlight and Share plugin versions 5.2.0 and below suffers from a missing authentication vulnerability. Exploit Title: WordPress Plugin 5.2.0 - Broken Access Control Date: 2025-09-20 Exploit Author: Zeeshan Haider Vendor Homepage: https://wordpress.org/plugins/ Software Link:...

📄 WebDAV PHP Upload

This Metasploit module exploits WebDAV which also has PHP enabled, such as found on XAMPP servers. It can use do by using any supplied credentials to upload via WebDAV, a PHP payload and then execute it. This module requires Metasploit: https://metasploit.com/download Current source:...

📄 Eclipse Che WebSocket Machine-Exec Remote Code Execution

This Python script is a WebSocket-based client designed to interact with an Eclipse Che / DevSpaces machine-exec service and test for an unauthenticated remote code execution vulnerability...

ALSA-2026:9693 Important: java-25-openjdk security update

The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environment and the OpenJDK 25 Java Software Development Kit. Security Fixes: JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improved Arena allocations CVE-2026-22008 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK:...

WordPress Plugin 5.2.0 - Broken Access Control

Exploit Title: WordPress Plugin 5.2.0 - Broken Access Control Date: 2025-09-20 Exploit Author: Zeeshan Haider Vendor Homepage: https://wordpress.org/plugins/ Software Link: https://wordpress.org/plugins/highlight-and-share/ Version: Description A broken access control vulnerability exists in a...

PT-2026-34346

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the dmaengine idxd component when a workqueue is reset. The function idxd wq disable cleanup sets the workqueue type to NONE before its resources are released,...

Linux Distros Unpatched Vulnerability : CVE-2026-35329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - strongswan - None Ubuntu Linux - NULL-Pointer Dereference When Processing Padding in PKCS7 CVE-2026-35329 Note that Nessus relies on the presence...

RHEL 7 : java-1.8.0-openjdk (RHSA-2026:9682)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9682 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...