
124611 matches found

RedHat Linux
added 2026/06/01 1:15 a.m., 20 views

Important: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

7.5 CVSS, 5.8 AI score, 0.00154 EPSS
Exploits 0, References 7
Packet Storm
added 2026/06/01 12:0 a.m., 43 views

📄 dwatch 0.0.2 SSRF Boundary and Network Isolation Audit Tool

This is an auditing tool to analyze server-side request forgery vulnerabilities in dwatch version 0.0.2. Title: dwatch 0.0.2 SSRF Boundary and Network Isolation...

5.8 AI score
Exploits 0
Tenable Nessus
added 2026/06/01 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2025-26843

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - znuny - None Ubuntu Linux - Unknown description CVE-2025-26843 Note that Nessus relies on the presence of the package as reported by the vendor...

5.8 AI score
Exploits 0, References 3
Positive Technologies
added 2026/06/01 12:0 a.m., 12 views

PT-2026-45484

Summary Type: Authorization bypass enabling workspace metadata + settings tampering. The PATCH /workspaces/workspace id endpoint is gated only by require workspace memberworkspace id default min role="member". Any member can rewrite the workspace's name, description, and the settings JSON blob. T...

6.5 CVSS, 6 AI score
Exploits 0, References 3
OPENSUSE Linux
added 2026/06/01 12:0 a.m., 7 views

Security update for apache-commons-lang3, apache-commons-text, apache-commons-configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec (important)

openSUSE security update: security update for apache-commons-lang3, apache-commons-text, apache-commons-configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec. Announcement ID: openSUSE-SU-2026:20841-1 Rating:...

8.7 CVSS, 7 AI score, 0.00129 EPSS
Exploits 0, References 1
Packet Storm
added 2026/06/01 12:0 a.m., 30 views

📄 dwol 1.0.0 Command Injection

This Python script is a security auditing tool designed to assess a potential unauthenticated command injection vulnerability in dwol. It interacts with the target application's API to register test machines and inject controlled payloads into the host parameter to determine whether arbitrary...

5.9 AI score
Exploits 0
Tenable Nessus
added 2026/06/01 12:0 a.m., 14 views

RHEL 8 : java-1.8.0-ibm (RHSA-2026:22139)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22139 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. Security Fixes: openjdk: OpenJDK...

7.5 CVSS, 7.3 AI score, 0.00154 EPSS
Exploits 0, References 14
Tenable Nessus
added 2026/06/01 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2024-13745

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - edk2 - None Ubuntu Linux - Unknown description CVE-2024-13745 Note that Nessus relies on the presence of the package as reported by the vendor...

5.8 AI score
Exploits 0, References 3
Positive Technologies
added 2026/06/01 12:0 a.m., 7 views

PT-2026-45487

Summary Type: Insecure Direct Object Reference. The issue CRUD endpoints GET / PATCH / DELETE /workspaces/workspace id/issues/issue id gate access on require workspace memberworkspace id only, then resolve issue id through IssueService.getissue id which is a primary-key lookup with no workspace...

8.3 CVSS, 5.8 AI score
Exploits 0, References 3
Positive Technologies
added 2026/06/01 12:0 a.m., 10 views

PT-2026-45485

Summary Type: Authorization bypass enabling destructive action. The DELETE /workspaces/workspace id endpoint is gated only by require workspace memberworkspace id default min role="member". Any member of the workspace can issue a single DELETE to wipe the entire workspace, including every project...

8.1 CVSS, 5.8 AI score
Exploits 0, References 3
Positive Technologies
added 2026/06/01 12:0 a.m., 12 views

PT-2026-45489

Summary Type: Insecure Direct Object Reference. The project CRUD endpoints GET / PATCH / DELETE /workspaces/workspace id/projects/project id and GET .../project id/stats gate access on require workspace memberworkspace id only, then resolve project id through ProjectService.getproject id /...

8.1 CVSS, 5.8 AI score
Exploits 0, References 3
Tenable Nessus
added 2026/06/01 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-49388

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - netatalk - None Ubuntu Linux - Unknown description CVE-2026-49388 Note that Nessus relies on the presence of the package as reported by the vendo...

5.5 AI score
Exploits 0, References 3
Tenable Nessus
added 2026/06/01 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49390

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - netatalk - None Ubuntu Linux - Unknown description CVE-2026-49390 Note that Nessus relies on the presence of the package as reported by the vendo...

5.5 AI score
Exploits 0, References 3
Packet Storm
added 2026/06/01 12:0 a.m., 46 views

📄 Espanso 2.3.0 Configuration Injection

This Python script is a configuration manipulation tool for Espanso version 2.3.0 that modifies its YAML configuration file base.yml to add new text triggers capable of executing system commands via shell or script extensions...

5.7 AI score
Exploits 0
Positive Technologies
added 2026/06/01 12:0 a.m., 9 views

PT-2026-45488

Summary Type: Insecure Direct Object Reference. The comment endpoints POST /workspaces/workspace id/issues/issue id/comments and GET .../comments gate access on require workspace memberworkspace id only, then call CommentService.createissue id=issue id, ... and CommentService.list for issueissue ...

8.1 CVSS, 5.9 AI score
Exploits 0, References 3
Packet Storm
added 2026/06/01 12:0 a.m., 42 views

📄 dmonitor 1.0.3 Server-Side Request Forgery / Redis Enumeration

Proof of concept demonstration exploit for dmonitor version 1.0.3 that leverages an unauthenticated server-side request forgery vulnerability to demonstrate redis access and data enumeration...

5.8 AI score
Exploits 0
Packet Storm
added 2026/06/01 12:0 a.m., 81 views

📄 MATLAB R2024a Arbitrary Local System Information Disclosure

This proof of concept tool demonstrates arbitrary local system information disclosure via MATLAB using system/fileread primitives. Title: MATLAB R2024a Full...

5.9 AI score
Exploits 0
Packet Storm
added 2026/06/01 12:0 a.m., 36 views

📄 Apache ActiveMQ Jolokia Remote Code Execution

This is a proof of concept security research tool that evaluates a potential authenticated remote code execution pathway through the Jolokia management interface exposed by Apache ActiveMQ. The tool authenticates to the broker, discovers configuration details, interacts with JMX operations expose...

8.8 CVSS, 7.2 AI score, 0.83461 EPSS
Exploits 12
IBM Security Bulletins
added 2026/05/31 4:49 p.m., 13 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in brace-expansion (CVE-2026-33750)

Summary: A vulnerability in the brace-expansion string and pattern utility library (CVE-2026-33750) used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the component to version 5.0.5. Vulnerability Details: CVEID: CVE-2026-33750 DESCRIPTION: The brace-expansion library generate...

7.5 CVSS, 5.8 AI score, 0.00028 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2026/05/31 4:48 p.m., 10 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in follow-redirects (CVE-2026-40895)

Summary: A vulnerability in the follow-redirects drop-in HTTP/HTTPS wrapper library (CVE-2026-40895) used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the component to version 1.16.0. Vulnerability Details: CVEID: CVE-2026-40895 DESCRIPTION: follow-redirects is an open source...

7.5 CVSS, 5.7 AI score, 0.00058 EPSS
Exploits 0, Affected Software 1