Azure Linux 3.0 Security Update: kernel (CVE-2025-38004)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38004 advisory. - In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcmop runtime...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46846)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46846 advisory. - In the Linux kernel, the following vulnerability has been resolved: spi: rockchip: Resolve unbalanced runtim...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38136)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38136 advisory. - In the Linux kernel, the following vulnerability has been resolved: usb: renesasusbhs: Reorder clock handlin...

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27004)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27004 advisory. - In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walki...

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-26963)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26963 advisory. - In the Linux kernel, the following vulnerability has been resolved: usb: dwc3-am62: fix module...

Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU -October 2025 - Includes OpenJDK October 2025 CPU vilnerabilities

Summary Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - October 2025 - Includes OpenJDK October 2025 CPU vilnerabilities with CVEs CVE-2025-53057, CVE-2025-53066 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

[SECURITY] Fedora 42 Update: golang-github-tetratelabs-wazero-1.11.0-1.fc42

WebAssembly is a way to safely run code compiled in other languages. Runtimes execute WebAssembly Modules Wasm, which are most often binaries with a .wasm extension. wazero is a WebAssembly Core Specification 1.0 and 2.0 compliant runtime written in Go. It has zero dependencies, and doesn't rely ...

EUVD-2026-3563

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.0.0-9.2.26.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

CVE-2026-21946

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.0.0-9.2.26.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

CVE-2026-21946

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.0.0-9.2.26.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

CVE-2026-21946

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.0.0-9.2.26.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the debug/pprof endpoints. An attacker can access sensitive server internals, including runtime profiling data and in-memory application state, and trigger CPU-intensive profiling operations that could impact...

CVE-2025-11044

An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenti-cated attacker on the network to win a race condition, resulting in permanent denial-of-service D...

security-antipatterns-java

Security Anti-Patterns for Java AI coding agents write insecu...

PT-2026-3696

Name of the Vulnerable Software and Affected Versions Oracle JD Edwards versions 9.2.0.0 through 9.2.26.0 Description A flaw exists within the Web Runtime SEC component of Oracle JD Edwards EnterpriseOne Tools that allows an unauthenticated attacker with network access via HTTP to compromise the...

Rockwell Automation Verve Asset Manager security vulnerability

Rockwell Automation Verve Asset Manager is a supplier-neutral OT endpoint management platform provided by Rockwell Automation. There is a security vulnerability in Rockwell Automation Verve Asset Manager, which stems from the Ansible playbook component storing plaintext keys incorrectly during...

MiracleLinux 8 : dotnet6.0-6.0.118-1.el8.ML.1 (AXSA:2023-6205:16)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6205:16 advisory. dotnet: .NET Kestrel: Denial of Service processing X509 Certificates CVE-2023-29331 dotnet: vulnerability exists in NuGet where a potential race...

MiracleLinux 8 : unbound-1.16.2-5.el8_9.6 (AXSA:2024-7684:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7684:04 advisory. A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime...

MiracleLinux 8 : git-2.39.3-1.el8 (AXSA:2023-6144:10)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6144:10 advisory. git: by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...

MiracleLinux 7 : rh-nodejs12-nodejs-nodemon-2.0.3-2.el7, rh-nodejs12-nodejs-12.22.2-1.el7 (AXSA:2021-2259:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2259:02 advisory. nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl CVE-2021-23362 nodejs-ssri: Regular expression DoS ReDoS...