Important: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Nuclei 3.8.0

Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates. It empowers you to design custom vulnerability detection scenarios that mimic real-world conditions, leading to zero false positives...

RHEL 9 : grafana-pcp (RHSA-2026:8845)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8845 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace...

PT-2026-33645

Name of the Vulnerable Software and Affected Versions Apktool versions 3.0.0 through 3.0.1 Description A path traversal issue in brut/androlib/res/decoder/ResFileDecoder.java allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding using the apktool d...

CVE-2026-40476

graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs On² pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, causing excessive CPU...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Spring Framework

Summary Due to use of the Spring Framework, DevOps Test Performance and Rational Performance Tester contain a potential path traversal vulnerability. Vulnerability Details CVEID:CVE-2026-22737 DESCRIPTION: Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Netty framework

Summary Due to use of the Netty framework, DevOps Test Performance and Rational Performance Tester contain a potential HTTP request smuggling vulnerability. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the brace-expansion Node.js library

Summary Due to use of the brace-expansion Node.js library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2026-33750 DESCRIPTION: The brace-expansion library generates arbitrary strings containing a...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of yaml JavaScript library

Summary Due to use of the yaml JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2026-33532 DESCRIPTION: yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Undertow web server library

Summary Due to use of the Undertow web server library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2026-3260 DESCRIPTION: A flaw was found in Undertow. A remote attacker could exploit this...

Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of the Lodash JavaScript library

Summary Due to use of the Lodash JavaScript library, DevOps Test Performance and Rational Performance Tester contain potential Prototype Pollution and Arbitrary Code Injection vulnerabilities. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are...

Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of the Lodash JavaScript library

Summary Due to use of the Lodash JavaScript library, DevOps Test Performance and Rational Performance Tester contain potential Arbitrary Code Injection and Prototype Pollution vulnerabilities. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the jakarta.mail library

Summary Due to use of the jakarta.mail library, DevOps Test Performance and Rational Performance Tester contain a potential SMTP injection vulnerability. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the xmldom JavaScript library

Summary Due to use of the xmldom JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential XML injection vulnerability. Vulnerability Details CVEID:CVE-2026-34601 DESCRIPTION: xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Spring Security

Summary Due to use of Spring Security, DevOps Test Performance and Rational Performance Tester contain a vulnerability that can potentially result in clickjacking, XSS, and sensitive data exposure via caching. CVE-2026-22732 Vulnerability Details CVEID:CVE-2026-22732 DESCRIPTION: When application...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the form-data libary

Summary Due to use of the form-data library, DevOps Test Performance and Rational Performance Tester contain a potential HTTP Parameter Pollution HPP vulnerability CVE-2025-7783. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data...

SUSE-FU-2026:21213-1 Feature update for libgcrypt, libgpg-error

This update for libgcrypt, libgpg-error fixes the following issues: Update libgcrypt to 1.12.1 jscPED-15059: New and extended interfaces: - Allow access to the FIPS service indicator via the new GCRYCTLFIPSSERVICEINDICATOR control code. - Make SHA-1 non-FIPS internally for the 1.12 API - Add...

sms 安全漏洞

SMS is a student performance management system developed by Jeffrey as an individual project. SMS has a security vulnerability, which stems from the handling of the parameter ID in the file admin/deletecourse.php. This vulnerability may lead to SQL injection attacks...

sms 安全漏洞

SMS is a student performance management system developed by QUERYMINE. SMS has a security vulnerability, which stems from unknown code in the admin/editcourse.php file of the GET Request Parameter Handler component. This code allows for SQL injection attacks on parameter IDs, potentially leading ...

sms 安全漏洞

SMS is a student performance management system developed by QUERYMINE. SMS has a security vulnerability, which stems from the handling of the image parameter in the admin/addteacher.php file. This vulnerability may lead to arbitrary file uploads...