@secustor/backstage-plugin-renovate-backend-module-runtime-direct (>=4.0.0 <=4.0.2), renovate-mcp (>=0.11.0 <=1.0.0) potentially affected by unknown CVE via renovate (>=43.118.0 <=43.46.0)
renovate NPM version =43.118.0, =4.0.0, =0.11.0, =1.0.0 Source cves: unknown CVE Source advisory: OSV:GHSA-8WC6-VGRQ-X6CF...
SUSE-SU-2026:0491-1 Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.16 fixes various security issues. The following security issues were fixed: - CVE-2025-40129: sunrpc: fix null pointer dereference on zero-length checksum (bsc#1253473). - CVE-2025-40186: tcp: Don't call reqsk_fastopen_remove in...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility (CVE-2025-1470, CVE-2025-1471)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 11 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-1470 DESCRIPTION: In...
ajv has ReDoS when using `$data` option
ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the `$data` option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp constructor...
Security Bulletin: A vulnerability in IBM Semeru Runtime affects z/Transaction Processing Facility
Summary There is a vulnerability in IBM® Semeru Runtime Certified Edition 11 and IBM® Semeru Runtime Certified Edition 21 that are used by the z/TPF system. z/TPF has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component sin...
RLSA-2026:2225 Critical: keylime security update
Keylime is a TPM-based, highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication (CVE-2026-1709). For more details about the...
Kill It with FIRE: On Leveraging Latent Space Directions for Runtime Backdoor Mitigation in Deep Neural Networks
Machine learning models are increasingly present in our everyday lives; as a result, they become targets of adversarial attackers seeking to manipulate the systems we interact with. A well-known vulnerability is a backdoor introduced into a neural network by poisoned training data or a malicious...
[SECURITY] Fedora 43 Update: envision-3.2.0-7.fc43
UI for building, configuring, and running Monado, the open source OpenXR runtime. This is still highly experimental software; while it's unlikely that anything bad will happen, it's still unstable and there is no guarantee that it will work on your system, with your particular hardware. If you...
[SECURITY] Fedora 42 Update: java-latest-openjdk-26.0.0.0.32-0.0.1.ea.fc42
The OpenJDK 26 runtime environment...
[SECURITY] Fedora 42 Update: java-25-openjdk-25.0.2.0.10-2.fc42
The OpenJDK 25 runtime environment...
[SECURITY] Fedora 42 Update: java-21-openjdk-21.0.10.0.7-2.fc42
The OpenJDK 21 runtime environment...
Wasm3 Security Vulnerability
Wasm3 is an open-source, fast WebAssembly interpreter and the most versatile WASM runtime. Versions of Wasm3 prior to 0.5.0 have security vulnerabilities, which stem from a memory leak in the NewCodePage function...
Siemens Desigo CC Product Family and SENTRON Powermanager
SUMMARY Versions V6.0 through V8 QU1 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime...
CVE-2026-25951
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an...
The Myth of “Known APIs”: Why Inventory-First Security Models Are Already Obsolete
You probably think the security mantra “you can’t protect what you don’t know about” is an inarguable truth. But you would be wrong. It doesn’t hold water in today’s threat landscape. Of course, it sounds reasonable. Before you secure APIs, you must first discover, inventory, and document them...
Exploit-Kernel-Win-11-C2---WIN-11
Exploit-Kernel-Win-11-C2---WIN-11 Compilation and...
DyMA-Fuzz: Dynamic Direct Memory Access Abstraction for Re-Hosted Monolithic Firmware Fuzzing
The rise of smart devices in critical domains--including automotive, medical, industrial--demands robust firmware testing. Fuzzing firmware in re-hosted environments is a promising method for automated testing at scale, but remains difficult due to the tight coupling of code with a...
One RNG to Rule Them All: How Randomness Becomes an Attack Vector in Machine Learning
Machine learning relies on randomness as a fundamental component in various steps such as data sampling, data augmentation, weight initialization, and optimization. Most machine learning frameworks use pseudorandom number generators as the source of randomness. However, variations in design choic...
Security Bulletin: A vulnerability in IBM Semeru Runtime affects z/Transaction Processing Facility
Summary There is a vulnerability in IBM® Semeru Runtime Certified Edition 11 and IBM® Semeru Runtime Certified Edition 21 that are used by the z/TPF system. z/TPF has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE...
SUSE CVE-2026-1998
A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may be used. Patch name:...