Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the path-to-regexp package

Summary Due to use of the path-to-regexp package, DevOps Test Performance and Rational Performance Tester contain a potential Regular Expression Denial of Service ReDoS vulnerability. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you...

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF19 patch. Vulnerability Details CVEID:CVE-2022-39135 DESCRIPTION: Apache Calcite 1.22.0 introduced the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE do not restrict XML Extern...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011028)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011028 advisory. In the Linux kernel, the following vulnerability has been resolved: ntbnetdev: Use devkfreeskbany in interrupt context TX/RX callback handlers ntbnetdevtxhandler,...

Evaluating LLM-Generated Obfuscated XSS Payloads for Machine Learning-Based Detection

Cross-site scripting XSS remains a persistent web security vulnerability, especially because obfuscation can change the surface form of a malicious payload while preserving its behavior. These transformations make it difficult for traditional and machine learning-based detection systems to reliab...

Adding Compilation Metadata to Binaries to Make Disassembly Decidable

The binary executable format is the standard method for distributing and executing software. Yet, it is also as opaque a representation of software as can be. If the binary format were augmented with metadata that provides security-relevant information, such as which data is intended by the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011141)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011141 advisory. In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd/core: Always clear status for idx The variable 'status' which contains the unhandled...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006950)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006950 advisory. In the Linux kernel, the following vulnerability has been resolved: ntbnetdev: Use devkfreeskbany in interrupt context TX/RX callback handlers ntbnetdevtxhandler,...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011048)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011048 advisory. In the Linux kernel, the following vulnerability has been resolved: perf: hisi: Fix use-after-free when register pmu fails When we fail to register the uncore pmu, t...

Important: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Security update for docker

This update for docker rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux...

Security update for runc

This update for runc rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux Enterpri...

Security update for cosign

This update for cosign rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux...

Security Bulletin: DevOps Test Performance contains a vulnerability due to use of Spring Boot

Summary Due to use of Spring Boot, DevOps Test Performance and Rational Performance Tester contain a potential authentication bypass vulnerability. Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass"...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Spring Framework MVC and WebFlux

Summary Due to use of Spring Framework MVC and WebFlux, DevOps Test Performance and Rational Performance Tester contain a potential stream corruption vulnerability. Vulnerability Details CVEID:CVE-2026-22735 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to stream corruption when...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use Apache CXF

Summary Due to use of Apache CXF, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Undertow web server

Summary Due to use of the Undertow web server, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-9784 DESCRIPTION: A flaw was found in Undertow where malformed client requests can trigger server-si...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Apache Commons Lang

Summary Due to use of Apache Commons Lang, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apach...

Important: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

Important: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...