Lucene search

16996 matches found

Chainguard
added 2026/02/25 7:29 p.m. | 5 views

GHSA-QRVQ-68C2-7GRW vulnerabilities

Vulnerabilities for packages: nats-top-fips, telegraf, rke2-runtime, nats-top, kine, k3s...

AI score 5.8
Exploits: 0
vulnersOsv
added 2026/02/25 5:26 p.m. | 10 views

@enclave-vm/broker (>=2.10.0 <=2.10.1), @enclave-vm/core (>=2.10.0 <=2.10.1) +1 more potentially affected by CVE-2026-27597 via @enclave-vm/ast (>=2.10.0 <=2.10.1)

@enclave-vm/ast NPM version =2.10.0, =2.10.0, =2.10.0, =2.10.0, =2.10.1 Source cves: CVE-2026-27597 Source advisory: SNYK:JS-ENCLAVEVMAST-15366962...

CVSS 10 | AI score 5.8 | EPSS 0.00878
Exploits: 2
IBM Security Bulletins
added 2026/02/25 4:9 a.m. | 9 views

Security Bulletin: The IBM SPSS Collaboration and Deployment Services impacted by multiple vulnerabilities disclosed in IBM Semeru Runtime

Summary The IBM SPSS Collaboration and Deployment Services impacted by multiple vulnerabilities disclosed in IBM Semeru Runtime CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925, CVE-2026-1188. These vulnerabilities are addressed. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTIO...

CVSS 9.8 | AI score 6.2 | EPSS 0.00547
Exploits: 1 | Affected Software: 1
Packet Storm News
added 2026/02/25 12:0 a.m. | 4 views

HDF5 Plugin 2.17.0 Path Audit

This script demonstrates a controlled security audit scenario targeting the HDF5 dynamic plugin loading mechanism. It compiles a shared C library that mimics a legitimate HDF5 filter plugin by implementing the required H5Z_class2_t structure and registration functions H5PLget_plugin_type,...

AI score 5.9
Exploits: 0
OSV
added 2026/02/25 12:0 a.m. | 9 views

ALSA-2026:3291 Important: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in query...

CVSS 10 | AI score 6 | EPSS 0.00765
Exploits: 3 | References: 8
Positive Technologies
added 2026/02/25 12:0 a.m. | 7 views

PT-2026-22033

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.0.0 Description The restoreConfig function in Vikunja fails to properly validate file paths within ZIP archives used for restoration. A specially crafted ZIP file can bypass directory restrictions, potentially...

CVSS 9.9 | AI score 5.4 | EPSS 0.22162
Exploits: 68 | References: 137
OSV
added 2026/02/24 10:16 p.m. | 4 views

UBUNTU-CVE-2026-27204

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of WASI host interfaces are susceptible to guest-controlled resource exhaustion on the host. Wasmtime did not appropriately place limits on resource allocations requested...

CVSS 6.9 | AI score 5.8 | EPSS 0.00345
Exploits: 0 | References: 10
Vulnrichment
added 2026/02/24 9:23 p.m. | 4 views

CVE-2026-27204 Wasmtime WASI implementations are vulnerable to guest-controlled resource exhaustion

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of WASI host interfaces are susceptible to guest-controlled resource exhaustion on the host. Wasmtime did not appropriately place limits on resource allocations requested...

CVSS 6.9 | AI score 5.9 | EPSS 0.00345
Exploits: 0 | References: 7
Github Security Blog
added 2026/02/24 9:4 p.m. | 6 views

Fiber has a Denial of Service Vulnerability via Route Parameter Overflow

A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route registration combined with an unbounded array write during...

CVSS 7.5 | AI score 5.9 | EPSS 0.00594
Exploits: 1 | References: 7 | Affected Software: 2
vulnersOsv
added 2026/02/24 8:47 p.m. | 4 views

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-27204 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-27204 Source advisory: OSV:GHSA-852M-CVVP-9P4W...

CVSS 6.9 | AI score 5.4 | EPSS 0.00345
Exploits: 0
IBM Security Bulletins
added 2026/02/24 5:21 p.m. | 12 views

Security Bulletin: A vulnerability in IBM Java Runtime affects Tivoli Netcool/OMNIbus (CVE-2026-1188)

Summary A vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus has been addressed. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to return the...

CVSS 9.8 | AI score 5.7 | EPSS 0.00491
Exploits: 0 | Affected Software: 1
OSV
added 2026/02/24 2:16 p.m. | 5 views

UBUNTU-CVE-2026-2764

JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 9.8 | AI score 7.3 | EPSS 0.00474
Exploits: 0 | References: 10
ATTACKERKB
added 2026/02/24 1:33 p.m. | 6 views

CVE-2026-2796

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox 148 and Thunderbird 148...

CVSS 9.8 | AI score 5.3 | EPSS 0.00757
Exploits: 2 | References: 4
vulnersOsv
added 2026/02/24 12:0 p.m. | 4 views

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-27204 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-27204 Source advisory: OSV:RUSTSEC-2026-0020...

CVSS 6.9 | AI score 5.4 | EPSS 0.00345
Exploits: 0
SUSE Linux
added 2026/02/24 11:19 a.m. | 5 views

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in xmlCatalogXMLResolveURI. bsc1256807, bsc1256811 CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to...

CVSS 8.2 | AI score 5.5 | EPSS 0.00725
Exploits: 0 | References: 40
OSV
added 2026/02/24 9:16 a.m. | 7 views

CVE-2025-11165

A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...

CVSS 9.9 | AI score 6
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/24 8:27 a.m. | 6 views

CVE-2025-11165

A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...

CVSS 9.4 | AI score 5.8 | EPSS 0.00303
Exploits: 0 | References: 1
Wiz blog
added 2026/02/23 7:6 p.m. | 5 views

Wiz Leads the 2026 Latio Application Security Report with awards in 4 categories

Wiz has been recognized in the 2026 Latio Application Security Report. Wiz was spotlighted and awarded four distinct badges, reflecting our continuous commitment to protecting applications all the way from code to runtime...

AI score 5.4
Exploits: 0
OSV
added 2026/02/23 6:23 p.m. | 4 views

GO-2026-4517 Kata Container to Guest micro VM privilege escalation in github.com/kata-containers/kata-containers/src/runtime

Kata Container to Guest micro VM privilege escalation in github.com/kata-containers/kata-containers/src/runtime...

CVSS 9.3 | AI score 5.4 | EPSS 0.00225
Exploits: 1 | References: 4
Chainguard
added 2026/02/23 1:17 p.m. | 9 views

CVE-2026-21435 vulnerabilities

Vulnerabilities for packages: ipfs-cluster, spegel, ipfs-cluster-fips, rke2-runtime, kubo, spegel-fips, k3s...

CVSS 7.5 | AI score 5.8 | EPSS 0.00413
Exploits: 0