16994 matches found

OSV
added 2026/04/14 1:10 p.m. | 4 views

JLSEC-2026-109 Deno run with --allow-read and --deny-read flags results in allowed

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, deno run --allow-read --deny-read main.ts results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions give...

CVSS 6.9 | AI score 5.8 | EPSS 0.00342
Exploits: 1 | References: 8
OSV
added 2026/04/14 1:10 p.m. | 5 views

JLSEC-2026-101

Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...

CVSS 7.5 | AI score 7.1 | EPSS 0.01229
Exploits: 1 | References: 10
NVD
added 2026/04/14 3:16 a.m. | 4 views

CVE-2026-6264

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

CVSS 9.8 | EPSS 0.00739
Exploits: 0 | References: 1
Cvelist
added 2026/04/14 1:49 a.m. | 23 views

CVE-2026-6264 Critical Security fix for the Talend JobServer and Talend Runtime

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

CVSS 9.8 | EPSS 0.00739
Exploits: 0 | References: 1
EUVD
added 2026/04/14 1:49 a.m. | 1 view

EUVD-2026-22203

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

CVSS 9.8 | AI score 6.4 | EPSS 0.00739
Exploits: 0 | References: 1
CVE
added 2026/04/14 1:49 a.m. | 40 views

CVE-2026-6264

CVE-2026-6264 affects Talend JobServer and Talend Runtime. An unauthenticated remote code execution is possible via the JMX monitoring port on the JobServer. For mitigation: enable TLS client authentication on the JobServer’s JMX monitoring port and apply the patch for full protection. On Talend ...

CVSS 9.8 | AI score 6.4 | EPSS 0.00739
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/14 1:49 a.m. | 4 views

CVE-2026-6264

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

CVSS 9.8 | AI score 6.4 | EPSS 0.00739
Exploits: 0 | References: 2 | Affected Software: 2
Vulnrichment
added 2026/04/14 1:49 a.m. | 3 views

CVE-2026-6264 Critical Security fix for the Talend JobServer and Talend Runtime

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

CVSS 9.8 | AI score 6.4 | EPSS 0.00739
Exploits: 0 | References: 1
OSV
added 2026/04/14 12:44 a.m. | 10 views

CLEANSTART-2026-QZ16523 Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate

Multiple security vulnerabilities affect the modelmesh-runtime-adapter package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details...

CVSS 9.8 | AI score 6.9 | EPSS 0.00626
Exploits: 0 | References: 25
Positive Technologies
added 2026/04/14 12:0 a.m. | 5 views

PT-2026-32590

Name of the Vulnerable Software and Affected Versions: Talend JobServer (affected versions not specified); Talend Runtime versions prior to R2024-07-RT. Description: Unauthenticated remote code execution is possible via the JMX monitoring port. Recommendations: Require TLS client authentication for the...

CVSS 9.8 | AI score 6.4 | EPSS 0.00739
Exploits: 0 | References: 8
CNNVD
added 2026/04/14 12:0 a.m. | 6 views

Qlik Talend JobServer and Qlik Talend Runtime security vulnerability

Qlik Talend JobServer and Qlik Talend Runtime are both products of Qlik, a US-based company. Qlik Talend JobServer is a data integration task execution and scheduling service component. Qlik Talend Runtime is a data integration and application runtime environment platform. Both Qlik Talend...

CVSS 9.8 | AI score 6.3 | EPSS 0.00739
Exploits: 0 | References: 2
IBM Security Bulletins
added 2026/04/13 10:36 p.m. | 6 views

Security Bulletin: IBM i is Affected by Security Control Bypass and Uncontrolled Resource Consumption Vulnerabilities in IBM Java SDK and IBM Java Runtime [CVE-2026-21925, CVE-2026-21933, CVE-2026-21932, CVE-2026-21945]

Summary: IBM SDK Java Technology Edition and IBM Runtime Environment Java used by IBM i to support the building and running of Java applications are vulnerable to denial-of-service (CVE-2026-21945) and bypassing security controls to read and change data (CVE-2026-21932, CVE-2026-21933, CVE-2026-21925)...

CVSS 7.5 | AI score 6.4 | EPSS 0.00547
Exploits: 1 | Affected Software: 5
EUVD
added 2026/04/13 9:50 p.m. | 3 views

EUVD-2026-22124

jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...

CVSS 6.2 | AI score 5.9 | EPSS 0.00234
Exploits: 1 | References: 2
Fedora
added 2026/04/13 9:7 p.m. | 5 views

[SECURITY] Fedora 44 Update: kf6-kimageformats-6.24.0-3.fc44

This framework provides additional image format plugins for QtGui. As such it is not required for the compilation of any other software, but may be a runtime requirement for Qt-based software to support certain image formats...

CVSS 9.8 | AI score 5.7 | EPSS 0.00735
Exploits: 3
Fedora
added 2026/04/13 9:7 p.m. | 4 views

[SECURITY] Fedora 44 Update: kf5-kimageformats-5.116.0-8.fc44

This framework provides additional image format plugins for QtGui. As such it is not required for the compilation of any other software, but may be a runtime requirement for Qt-based software to support certain image formats...

CVSS 9.8 | AI score 5.7 | EPSS 0.00735
Exploits: 3
Tenable Nessus
added 2026/04/13 12:0 a.m. | 7 views

Oracle Linux 10 : nodejs24 (ELSA-2026-7675)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7675 advisory. 1:24.14.1-2.0.2 - Rebuild to correct NVR 1:24.14.1-2.0.1 - Update upstream references Tenable has extracted the preceding description block directly...

CVSS 9.8 | AI score 7.1 | EPSS 0.13066
Exploits: 1 | References: 19
OSV
added 2026/04/11 2:3 p.m. | 3 views

OESA-2026-1859 firewalld security update

firewalld is a firewall service daemon that provides a dynamic customizable firewall with a D-Bus interface. Security Fixes: A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus Desktop Bus setters, setZoneSettings2 and...

CVSS 5.5 | AI score 5.7 | EPSS 0.00118
Exploits: 0 | References: 2
OSV
added 2026/04/11 2:3 p.m. | 4 views

OESA-2026-1856 firewalld security update

firewalld is a firewall service daemon that provides a dynamic customizable firewall with a D-Bus interface. Security Fixes: A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus Desktop Bus setters, setZoneSettings2 and...

CVSS 5.5 | AI score 5.7 | EPSS 0.00118
Exploits: 0 | References: 2
OSV
added 2026/04/11 2:3 p.m. | 3 views

OESA-2026-1857 firewalld security update

firewalld is a firewall service daemon that provides a dynamic customizable firewall with a D-Bus interface. Security Fixes: A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus Desktop Bus setters, setZoneSettings2 and...

CVSS 5.5 | AI score 5.7 | EPSS 0.00118
Exploits: 0 | References: 2
Tenable Nessus
added 2026/04/11 12:0 a.m. | 5 views

RockyLinux 8 : kernel-rt (RLSA-2026:6572)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6572 advisory. kernel: nouveau: fix instmem race condition around ptr stores CVE-2024-26984 kernel: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecoun...

CVSS 8.8 | AI score 6.8 | EPSS 0.00812
Exploits: 1 | References: 9