Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.9.2 release

Red Hat OpenShift distributed tracing platform Tempo 3.9.2 has been released This release of the Red Hat OpenShift distributed tracing platform Tempo provides security improvements and bug fixes. Breaking changes: None. Deprecations: None. Technology Preview features: None. Enhancements: None. Bu...

Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained

Overview For executive leadership, the emergence of Kyber ransomware represents a significant and immediate threat due to its specialized, dual-platform deployment capability targeting mission-critical virtualization infrastructure VMware ESXi and core Windows file systems. This cross-platform...

GHSA-6VQF-6FHM-7RC6 OpenMage LTS has a Path Traversal Filter Bypass in Dataflow Module

The Dataflow module in OpenMage LTS uses a weak blacklist filter strreplace'../', '', $input to prevent path traversal attacks. This filter can be bypassed using patterns like ..././ or ....//, which after the replacement still result in ../. An authenticated administrator can exploit this to rea...

OpenMage LTS has a Path Traversal Filter Bypass in Dataflow Module

The Dataflow module in OpenMage LTS uses a weak blacklist filter strreplace'../', '', $input to prevent path traversal attacks. This filter can be bypassed using patterns like ..././ or ....//, which after the replacement still result in ../. An authenticated administrator can exploit this to rea...

GHSA-FG79-CR9C-7369 OpenMage LTS: Phar Deserialization leads to Remote Code Execution

PHP functions such as getimagesize, fileexists, and isreadable can trigger deserialization when processing phar:// stream wrapper paths. OpenMage LTS uses these functions with potentially controllable file paths during image validation and media handling. An attacker who can upload a malicious ph...

OpenMage LTS: Phar Deserialization leads to Remote Code Execution

PHP functions such as getimagesize, fileexists, and isreadable can trigger deserialization when processing phar:// stream wrapper paths. OpenMage LTS uses these functions with potentially controllable file paths during image validation and media handling. An attacker who can upload a malicious ph...

Security Bulletin: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application (CVE-2026-1002)

Summary There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application CVE-2026-1002 Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler...

Security Bulletin: Due to use of Google Protocol Buffers, IBM Operations Analytics – Log Analysis is affected by denial of service.

Summary Google Protocol Buffers in Apache Solr is used by IBM Operations Analytics – Log Analysis as part of the data serialization and communication between services. CVE-2021-22570. Vulnerability Details CVEID:CVE-2021-22570 DESCRIPTION: Nullptr dereference when a null char is present in a prot...

Security Bulletin: IBM App Connect Enterprise is vulnerable to a specific "Gadget" attack chain and proxy bypass and SSRF vulnerabilities due to Node js module axios (CVE-2025-62718 & CVE-2026-40175)

Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to a specific "Gadget" attack chain and proxy bypass and SSRF vulnerabilities due to Node js module axios. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios ...

Security Bulletin: A security vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2024-29371).

Summary A security vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2024-29371. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address this vulnerability. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before...

Security Bulletin: A security vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard.

Summary A security vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard CVE-2024-29371. IBM WebSphere Liberty has been updated within IBM CICS TX Standard to address this vulnerability. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before...

Security Bulletin: A security vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2024-29371).

Summary A security vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms CVE-2024-29371. IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address this vulnerability. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In...

MINE-CYBERSECURITY-PROJECT-1

MINE-CYBERSECURITY-PROJECTS This repository contains advanced...

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF19 patch. Vulnerability Details CVEID:CVE-2022-39135 DESCRIPTION: Apache Calcite 1.22.0 introduced the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE do not restrict XML Extern...

Security Bulletin: IBM Storage Protect Operations Center is affected by vulnerabilities in the dojo-profile library that could allow prototype pollution or improper handling of crafted PNG inputs (CVE-2021-23450, CVE-2008-6681, CVE-2010-2273).

Summary IBM Storage Protect Operations Center uses the dojo-profile library in certain components. Vulnerabilities in this library may allow prototype pollution or improper handling of specially crafted PNG files, which could lead to memory corruption or denial-of-service conditions in applicatio...

Multiple vulnerabilities in silex technology SD-330AC and AMC Manager

Overview SD-330AC and AMC Manager provided by silex technology, Inc. contain multiple vulnerabilities listed below. Stack-based buffer overflow in processing the redirect URLs CWE-121 - CVE-2026-32955 Heap-based buffer overflow in processing the redirect URLs CWE-122 - CVE-2026-32956 Missing...

Silex Technology SD-330AC and AMC Manager

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service, or configuration information may be altered without authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...

PT-2026-34202

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 29.0 and earlier Description The allowOrigin$allowAll=true function in objects/functions.php reflects any arbitrary Origin header back in Access-Control-Allow-Origin along with Access-Control-Allow-Credentials: true. This...

PT-2026-34199

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions prior to 29.1 Description A state-mutating JSON endpoint 'objects/commentDelete.json.php' fails to perform Cross-Site Request Forgery CSRF validation. The endpoint does not utilize the forbidIfIsUntrustedRequest function,...

PT-2026-34178

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/configurationUpdate.json.php also routed via /updateConfig persists dozens of global site settings from $ POST but protects the endpoint only with User::isAdmin. It does not call forbidIfIsUntrustedRequest, does not...