2511 matches found
PT-2026-32091
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's'...
WordPress plugin Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
[SECURITY] Fedora 42 Update: libcgif-0.5.3-1.fc42
A fast and lightweight GIF encoder that can create GIF animations and images. Summary of the main features: - user-defined global or local color-palette with up to 256 colors limit of the GIF format - size-optimizations for GIF animations: - option to set a pixel to transparent if it has identica...
[SECURITY] Fedora 43 Update: libcgif-0.5.3-1.fc43
A fast and lightweight GIF encoder that can create GIF animations and images. Summary of the main features: - user-defined global or local color-palette with up to 256 colors limit of the GIF format - size-optimizations for GIF animations: - option to set a pixel to transparent if it has identica...
Scaling Modern AppSec: Moving from Static Profiles to AI-Powered Scan Optimization
Key Highlights The Scale Challenge: As application portfolios grow and release cycles accelerate, traditional scanning models create a forced trade-off between coverage, cost, and velocity – leading to silent gaps that only surface during audits or incidents. The AI Solution: AI-powered scan...
OPENSUSE-SU-2026:20803-1 Security update for patterns-glibc-hwcaps
This update for patterns-glibc-hwcaps fixes the following issues: The pattern is moved from PackageHub to regular SLES. It requires packages for the x86_64 v3 architecture and is automatically pulled in when this architecture is present. These packages are optimized for the x86_64 v3 architecture t...
SUSE-SU-2026:21215-1 Security update for patterns-glibc-hwcaps
This update for patterns-glibc-hwcaps fixes the following issues: The pattern is moved from PackageHub to regular SLES. It requires packages for the x86_64 v3 architecture and is automatically pulled in when this architecture is present. These packages are optimized for the x86_64 v3 architecture t...
GHSA-5478-66C3-RHXR Pretext: Algorithmic Complexity (DoS) in the text analysis phase
isRepeatedSingleCharRun in src/analysis.ts line 285 re-scans the entire accumulated segment on every merge iteration during text analysis, producing O(n²) total work for input consisting of repeated identical punctuation characters. An attacker who controls text passed to prepare can block the main...
Important: Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.2.2 (CUDA)
Red Hat AI Inference Server Model Optimization Tools 3.2.2 (CUDA) is now available. Red Hat® AI Inference Server Model Optimization Tools...
Towards Unveiling Vulnerabilities of Large Reasoning Models in Machine Unlearning
Large language models (LLMs) possess strong semantic understanding, driving significant progress in data mining applications. This is further enhanced by large reasoning models (LRMs), which provide explicit multi-step reasoning traces. On the other hand, the growing need for the right to be forgotte...
Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within IonMonkey when...
CVE-2025-66442
In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel in RSA and CBC/ECB decryption that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected...
UBUNTU-CVE-2025-66442
In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel in RSA and CBC/ECB decryption that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected...
[SECURITY] Fedora 43 Update: chunkah-0.3.2-1.fc43
chunkah is an OCI building tool that takes a flat rootfs and outputs a layered OCI image with content-based layers. It optimizes container image layer reuse by grouping files based on their content (e.g., by RPM package) rather than by Dockerfile instruction order. It is a generalized successor to...
EUVD-2026-14984
Astro: Remote allowlist bypass via unanchored matchPathname wildcard...
CVE-2026-33636
CVE-2026-33636 targets the libpng library. In libpng versions 1.6.36–1.6.55, an ARM/AArch64 Neon-optimized palette expansion path permits an out-of-bounds read and an out-of-bounds write when expanding 8-bit paletted rows to RGB/RGBA. The Neon loop processes a final partial chunk without verifyin...
CVE-2026-33636
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit...
CVE-2026-33769
Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for / wildcards is unanchored, so a pathname that...
CVE-2026-2352
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aopostpreload' meta value in all versions up to, and including, 3.1.14. This is due to insufficient input sanitization in the aometaboxsave function and missing output escaping when the value is rendered in...