Security Bulletin: IBM WebSphere Application Server Liberty is affected by server-side request forgery (CVE-2026-1561)

Summary IBM WebSphere Application Server Liberty is affected by server-side request forgery with the samlWeb-2.0 feature enabled. Vulnerability Details CVEID:CVE-2026-1561 DESCRIPTION: IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery SSRF. This may allow remot...

Linux Distros Unpatched Vulnerability : CVE-2026-33167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does no...

SUSE-SU-2026:1088-1 Security update for the Linux Kernel (Live Patch 67 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.255 fixes various security issues The following security issues were fixed: - CVE-2022-50423: ACPICA: Fix use-after-free in acpiutcopyipackagetoipackage bsc1250785. - CVE-2022-50697: mrp: introduce active flags to prevent UAF when...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to HTTP header injection (CVE-2025-14807)

Summary A HTTP header injection vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-14807 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This coul...

Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.113 fixes various security issues The following security issues were fixed: CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. CVE-2023-53257: wifi: mac80211: check S1G action frame size...

UBUNTU-CVE-2026-23383

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing struct bpfplt contains a u64 target field. Currently, the BPF JIT allocator requests an alignment of 4 bytes sizeofu32 for the JIT buffer. Because the ba...

SUSE CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

SUSE: Security Advisory (SUSE-SU-2026:0949-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to information exposure (CVE-2026-2484)

Summary An information exposure vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID:CVE-2026-2484 DESCRIPTION: InfoSphere Information Server is affected by an information exposure vulnerability caused by overly verbose error messages. CWE:CWE-209:...

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information (CVE-2026-1014)

Summary A sensitive information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2026-1014 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to exposure of sensitive information via JSON server response manipulation...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons Lang (CVE-2025-48924)

Summary A vulnerability in Apache Commons Lang that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)

Summary There is a vulnerability in the immutable library which affects IBM WebSphere Application Server Liberty with the openapi-3.0, openapi-3.1, mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0 mpOpenAPI-3.1, mpOpenAPI-4.0 or mpOpenAPI-4.1 feature enabled. Vulnerability Details...

CVE-2026-33167

A flaw was found in Action Pack, a component of the Rails framework. A remote attacker could exploit this vulnerability by crafting a malicious exception message. When this message is displayed on the debug exceptions page, the improper escaping of the message allows for the injection of arbitrar...

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

UBUNTU-CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

CVE-2026-33167

CVE-2026-33167 is related to a Rails XSS in Action Pack debug exceptions. Affected component: Rails Action Pack debug exceptions page when detailed exception pages are enabled (config.consider_all_requests_local = true). Root cause: exception messages are not properly escaped, allowing injection ...