GHSA-89GG-P5R5-Q6R4 MONAI: Unsafe functions lead to pickle deserialization rce

Summary The algofrompickle function in monai/auto3dseg/utils.py causes pickle.loadsdatabytes to be executed, and it does not perform any validation on the input parameters. This ultimately leads to insecure deserialization and can result in code execution vulnerabilities. Details poc import pickl...

MONAI: Unsafe functions lead to pickle deserialization rce

Summary The algofrompickle function in monai/auto3dseg/utils.py causes pickle.loadsdatabytes to be executed, and it does not perform any validation on the input parameters. This ultimately leads to insecure deserialization and can result in code execution vulnerabilities. Details poc import pickl...

CVE-2025-14859

The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that is vulnerable to second preimage attacks. An attacker with physical access to the device...

GHSA-436V-8FW5-4MJ8 Local settings bypass config trust checks

Summary mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can make that same file appear trusted and then reach dangerous directives such as env .source, templates, hooks, or tasks. The...

Local settings bypass config trust checks

Summary mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can make that same file appear trusted and then reach dangerous directives such as env .source, templates, hooks, or tasks. The...

Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Premium Cartridge

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog Premium Cartridge. These vulnerabilities had been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any proje...

GHSA-HFPQ-X728-986J netavark has incorrect error handling for malformed tcp packets

Impact A truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. Patches https://github.com/containers/aardvark-dns/commit/3b49ea7b38bdea134b7f03256f2e13f44ce73bb1 Workarounds None Credits Thanks to @dkane01 for reporti...

netavark has incorrect error handling for malformed tcp packets

Impact A truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. Patches https://github.com/containers/aardvark-dns/commit/3b49ea7b38bdea134b7f03256f2e13f44ce73bb1 Workarounds None Credits Thanks to @dkane01 for reporti...

CVE-2025-14859

CVE-2025-14859 affects Semtech LR11xx LoRa transceivers with a secure boot that relies on a non-standard cryptographic hash. The root cause is a hash algorithm vulnerable to second preimage attacks, allowing a physically present attacker to craft a malicious firmware image that collides with the ...

CVE-2025-14859 Semtech LR11xx Secure Boot Bypass

The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that is vulnerable to second preimage attacks. An attacker with physical access to the device...

CVE-2025-14859

The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that is vulnerable to second preimage attacks. An attacker with physical access to the device...

CVE-2025-14859 Semtech LR11xx Secure Boot Bypass

The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that is vulnerable to second preimage attacks. An attacker with physical access to the device...

AD/CS Authenticated Web Enrollment Services Module

Authenticates to the AD/CS Web enrollment service and allows the user to query templates and create certificates based on available templates. Module Options msf use auxiliary/admin/http/webenrollmentcert msf auxiliarywebenrollmentcert show actions ...actions... msf auxiliarywebenrollmentcert set...

Security Bulletin: Due to use of Apache Tika, IBM Operations Analytics - Log Analysis is affected by XML External Entity (XXE) vulnerability

Summary Apache Tika in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the extraction of text and metadata from uploaded documents so they can be indexed and searched through Solr's ExtractingRequestHandler. CVE-2025-54988, CVE-2025-66516 Vulnerability Details...

CVE-2026-34950

fast-jwt provides fast JSON Web Token JWT implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that CVE-2023-48223 patch...

Security Bulletin: Multiple vulnerabilities found in IBM ApplinX.

Summary IBM ApplinX has been updated in order to address multiple vulnerabilities CVE-2026-27970, CVE-2026-29063, CVE-2025-68161, CVE-2026-27830, CVE-2024-31033, CVE-2026-33671, CVE-2026-33672, CVE-2026-32635, CVE-2025-66035, CVE-2025-66412, CVE-2026-22610, WS-2026-0003. Vulnerability Details...

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.22 LTS and 13.0.0 address the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution (CVE-2026-29063)

Summary IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in node.js module immutable CVE-2026-29063 Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to path traversal (CVE-2026-29087) and timing oracle attacks (GHSA-gq3j-xvxp-8hrf)

Summary Node.js module hono is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to path traversal CVE-2026-29087 and timing oracle attacks GHSA-gq3j-xvxp-8hrf. This bulletin provides patch information to address the...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service (CVE-2026-30922)

Summary IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Python module pyasn1 CVE-2026-30922 Vulnerability Details...