Spring Office Hours Podcast: S5E16 - May Release Train Shift & What's Coming in Spring Boot 4.1

Join Dan Vega and DaShaun Carter for the latest updates from the Spring Ecosystem. In this episode, Dan and DaShaun break down the recently announced shift of the May release train from May 11-22 to June 1-5, and what that means for your upgrade planning across the Spring portfolio. They also dig...

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +15 more potentially affected by CVE-2026-2652 via mlflow-skinny (>=3.0.0 <=3.0.1)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =3.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2026-2652 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16698136...

CVE-2026-6859

A flaw was found in InstructLab. The linuxtrain.py script hardcodes trustremotecode=True when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run ilab train/download/generate with a specially crafted malicious model...

CVE-2026-6859

CVE-2026-6859 is a Red Hat advisory about a flaw in InstructLab where linux_train.py hardcodes trust_remote_code=True when loading models from HuggingFace. This enables arbitrary Python code execution if a user runs ilab train/download/generate with a malicious HuggingFace model, potentially lead...

PT-2026-34336

A flaw was found in InstructLab. The linux train.py script hardcodes trust remote code=True when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run ilab train/download/generate with a specially crafted malicious...

Red Hat Enterprise Linux AI 安全漏洞

Red Hat Enterprise Linux AI is a Linux distribution created by the American company Red Hat for generative AI. Red Hat Enterprise Linux AI RHEL AI 3 has a security vulnerability. This vulnerability stems from the linuxtrain.py script, which loads models from HuggingFace by hardcoding...

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +24 more potentially affected by CVE-2025-15381 via mlflow-skinny (>=3.0.0 <=3.11.0rc0)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =7.1.1, =3.0.0, =3.11.0rc0 and more Source cves: CVE-2025-15381 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-15870197...

This is all it takes to stop a train (Lock and Code S07E06)

This week on the Lock and Code podcast … Forget the runaway train thrillingly shot in Buster Keaton's 1926 film "The General," and never mind the charging locomotive rescued by actors Denzel Washington and Chris Pine in the 2010 film "Unstoppable," as there's a far more frequent and far less...

Deep Learning-Driven Friendly Jamming for Secure Multicarrier ISAC under Channel Uncertainty

Integrated sensing and communication ISAC systems promise efficient spectrum utilization by jointly supporting radar sensing and wireless communication. This paper presents a deep learning-driven framework for enhancing physical-layer security in multicarrier ISAC systems under imperfect channel...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 director Operator container images

Updated container images are now available for director Operator for Red Hat OpenStack Platform 16.2 Train for RHEL 8.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVE-2022-33055

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/trains/managetrain.php...

CVE-2021-41225

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the trainnodes vector obtained from the saved model that gets optimized does not contain a Dequeue node, then dequeuenode is left unitialized. The...

MAL-2025-192788 Malicious code in elf-stats-sparkly-train-831 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef02a08dfe80a4226f18e2451ab736a95db862186a438fdb7e2837624dbecbd8 The package elf-stats-sparkly-train-831 was found to contain malicious code...

EUVD-2025-204887

Malicious code in elf-stats-sparkly-train-831 npm...

Malicious code in elf-stats-sparkly-train-831 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef02a08dfe80a4226f18e2451ab736a95db862186a438fdb7e2837624dbecbd8 The package elf-stats-sparkly-train-831 was found to contain malicious code...

Malicious code in elf-stats-piney-train-884 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b5d7fab007202575b6530749e2abfbd33c64feb6f48560f2eca4e1bcda5d778 The package elf-stats-piney-train-884 was found to contain malicious code...

MAL-2025-192779 Malicious code in elf-stats-piney-train-884 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b5d7fab007202575b6530749e2abfbd33c64feb6f48560f2eca4e1bcda5d778 The package elf-stats-piney-train-884 was found to contain malicious code...

EUVD-2025-204896

Malicious code in elf-stats-piney-train-884 npm...

EUVD-2025-204915

Malicious code in elf-stats-caroling-train-677 npm...

MAL-2025-192739 Malicious code in elf-stats-caroling-train-677 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6cb903108b2582a6832ecb4aee44eb0082c47ec8172d8f81f75881e1ea334c9 The package elf-stats-caroling-train-677 was found to contain malicious code...