CVE-2026-46251

The CVE-2026-46251 issue is a Linux kernel Btrfs vulnerability where, when EXTENT_TREE_V2 is enabled, the block_group_tree may be added to switch_commits while still on the dirty_list, causing invalid list manipulation and corruption of block_group_root->dirty_list. This corruption can propaga...

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in Jetty

Summary There are vulnerabilities in Jetty used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs CVE-2025-11143, CVE-2026-2332. Vulnerability Details CVEID:CVE-2025-11143 DESCRIPTION: The Jetty URI parser has...

Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore

Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race. You don't control which bug lands. You control what it can reach once it does. That is a question abo...

Security Bulletin: IBM Maximo Application Suite uses WebSphere Application Server Liberty which is vulnerable to CVE-2026-3621.

Summary IBM Maximo Application Suite uses WebSphere Application Server Liberty which is vulnerable to CVE-2026-3621. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-3621 DESCRIPTION: IBM WebSphere Application Server - Liberty...

Security Bulletin: A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. (CVE-2026-4096)

Summary A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. Version 3.0.7 addresses the vulnerability. Vulnerability Details CVEID:CVE-2026-4096 DESCRIPTION: IBM DevOps Plan is vulnerable t...

Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP9, v8.5.8 BP2 vulnerabilities CVE-2025-54874 (vulnerable), CVE-2025-59375 (vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing

Summary Oracle Outside In Technology OIT v8.5.7 BP9, v8.5.8 BP2 January, 2025 vulnerabilities CVE-2025-54874 vulnerable, CVE-2025-59375 vulnerable in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing Vulnerability Details CVEID:CVE-2025-54874 DESCRIPTION: OpenJPEG is an...

Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP9, v8.5.8 BP2 vulnerabilities CVE-2025-54874 (vulnerable), CVE-2025-59375 (vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing

Summary Oracle Outside In Technology OIT v8.5.7 BP9, v8.5.8 BP2 January, 2025 vulnerabilities CVE-2025-54874 vulnerable, CVE-2025-59375 vulnerable in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing Vulnerability Details CVEID:CVE-2025-54874 DESCRIPTION: OpenJPEG is an...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013...

SUSE-SU-2026:2238-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. - CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013. -...

Security Bulletin: Vulnerabilities in tomcat affects IBM Netezza Appliance

Summary The tomcat package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-31651,CVE-2025-55752 Vulnerability Details CVEID:CVE-2025-31651 DESCRIPTION: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat...

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. "The vulnerable behavior exists in each server's...

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

Security Bulletin: IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449

Summary IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-3449 DESCRIPTION: Versions of the package @tootallnate/once before 3.0.1 are vulnerab...

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses pytest-9.0.2-py3-none-any.whl, WebSphere Application Server Liberty, dompurify-3.2.7.tgz, requests-2.32.5-py3-none-any.whl, yaml-1.10.2.tgz, brace-expansion-1.1.12.tgz and dompurify-3.3.2.tgz which are vulnerable to CVE-2025-71176, CVE-2025-14923,...

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses minimatch-3.0.5.tgz, OpenTelemetry Go SDK, jaraco.context, IBM WebSphere Application Server Liberty, picomatch-2.3.1.tgz, path-to-regexp-0.1.12.tgz, lodash-4.17.23.tgz, pillow-12.1.1-cp311-cp311-manylinux227x8664.manylinux228x8664.whl,...

Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of GetFileWithoutZip method. The issue results from th...

Important: Red Hat Security Advisory: openssh update

An update for openssh is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

Security Bulletin: Due to use of log4j-core-2.25.3.jar, IBM Sterling Connect:Direct Web Services is vulnerable to log injection via CRLF sequences.

Summary log4j-core-2.25.3.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-34477, CVE-2026-34478, CVE-2026-34479, CVE-2026-34480. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplet...