Important: Red Hat Security Advisory: containernetworking-plugins security update

An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

WordPress Awa Plugins plugin <= 1.4.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Awa Plugins versions = 1.4.4...

containernetworking-plugins security update

1:1.7.1-3 - Rebuild for new golang to address CVE-2025-61726 - Resolves: RHEL-146859 1:1.7.1-2 - rebuild for CVE-2025-22871 - Resolves: RHEL-90030...

ALSA-2026:3341 Important: containernetworking-plugins security update

The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

Important: containernetworking-plugins security update

The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

CVE-2026-27741

Bludit version 3.16.1 contains a cross-site request forgery CSRF vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can...

CVE-2026-27741

Bludit version 3.16.1 contains a cross-site request forgery CSRF vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can...

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.8.4 release.

Red Hat Developer Hub 1.8.4 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

PT-2026-21568

Name of the Vulnerable Software and Affected Versions Bludit version 3.16.1 Description The application lacks anti-CSRF tokens or request origin validation for administrative actions. An attacker can trick an authenticated administrator into visiting a malicious page, which silently submits craft...

CVE-2025-67972

Missing Authorization vulnerability in Zoho Mail Zoho ZeptoMail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zoho ZeptoMail: from n/a through 3.2.9...

CVE-2026-24948

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fox-themes Reflector reflector-plugins allows Reflected XSS.This issue affects Reflector: from n/a through = 1.2.2...

CVE-2026-24955

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fox-themes Whizz Plugins whizz-plugins allows Reflected XSS.This issue affects Whizz Plugins: from n/a through = 1.9...

AZL-78246 CVE-2026-2492 affecting package tensorflow 2.11.1-2

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target syste...

CVE-2026-2492

TensorFlow HDF5 Library CVE-2026-2492 is a Local Privilege Escalation affecting the TensorFlow package’s HDF5 library, caused by insecure plugin search path handling. Affected versions are

Uncontrolled Search Path Element

Overview tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Uncontrolled Search Path Element via the loading of HDF5 plugins in the Keras engine. An attacker can execute arbitrary code by placing a malicious plugin in the default search path. Remediati...

Wordfence Bug Bounty Program Monthly Report – January 2026

Last month in January 2026, the Wordfence Bug Bounty Program received 897 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfenc...

CVE-2026-24948

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fox-themes Reflector reflector-plugins allows Reflected XSS.This issue affects Reflector: from n/a through = 1.2.2...

CVE-2026-24955

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fox-themes Whizz Plugins whizz-plugins allows Reflected XSS.This issue affects Whizz Plugins: from n/a through = 1.9...

CVE-2025-67972

Missing Authorization vulnerability in Zoho Mail Zoho ZeptoMail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zoho ZeptoMail: from n/a through 3.2.9...

com.netflix.ndbench:ndbench-cli (>=0.3.12 <=0.7.4), com.netflix.ndbench:ndbench-geode-plugins (>=0.3.5 <=0.7.4) +35 more potentially affected by CVE-2026-2818 via org.springframework.data:spring-data-geode (>=1.0.0.INCUBATING-RELEASE <=2.7.5)

org.springframework.data:spring-data-geode MAVEN version =1.0.0.INCUBATING-RELEASE, =0.3.12, =0.3.5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =3.0.0, =3.2.1...