CVE-2026-57281

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

CVE-2026-46937

Vulnerability in the Oracle iSetup product of Oracle E-Business Suite component: General Ledger Update Transform, Reports. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

PT-2026-50040

Name of the Vulnerable Software and Affected Versions Oracle iSetup versions 12.2.3 through 12.2.15 Description An issue exists in the General Ledger Update Transform, Reports component of the Oracle iSetup product within Oracle E-Business Suite. A low privileged attacker with network access via...

[SECURITY] Fedora 43 Update: xmlstarlet-1.6.1-30.fc43

XMLStarlet is a set of command line utilities which can be used to transform, query, validate, and edit XML documents and files using simple set of shell commands in similar way it is done for plain text files using UNIX grep, sed, awk, diff, patch, join, etc commands...

[SECURITY] Fedora 44 Update: xmlstarlet-1.6.1-30.fc44

XMLStarlet is a set of command line utilities which can be used to transform, query, validate, and edit XML documents and files using simple set of shell commands in similar way it is done for plain text files using UNIX grep, sed, awk, diff, patch, join, etc commands...

SUSE-SU-2026:2286-1 Security update for libjxl

This update for libjxl fixes the following issues: Security fixes: - CVE-2025-70103: heap buffer overflow when hen processing crafted pbm-images due to insufficient bounds checks bsc1266460. Other fixes: - Update to version 0.10.5: - fix tile dimension in low memory rendering pipeline. - fix numb...

USN-8388-1: Linux kernel vulnerabilities

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

@redhat-cloud-services/frontend-components-config (>=6.0.0 <=6.11.2) potentially affected by unknown CVE via @redhat-cloud-services/tsc-transform-imports (=1.2.1)

@redhat-cloud-services/tsc-transform-imports NPM version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on @redhat-cloud-services/tsc-transform-imports and may be impacted: - @redhat-cloud-services/frontend-components-config =6.0.0, =6.11.2 Source...

PT-2026-44911

Name of the Vulnerable Software and Affected Versions Axios versions 0.19.0 through 0.31.0 Axios versions 1.x through 1.15.1 Description Axios contains prototype-pollution gadgets in its request configuration processing. If a separate vulnerability in the same JavaScript process allows an attacke...

PT-2026-44316

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the xfrm AH implementation where the system fails to account for Extended Sequence Number ESN high bits in asynchronous callbacks. When ESN is enabled, the asynchronou...

CVE-2026-45905

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix iprtbug race in icmproutelookup reverse path icmproutelookup performs multiple route lookups to find a suitable route for sending ICMP error messages, with special handling for XFRM IPsec policies. The lookup sequence i...

JLSEC-2026-551

openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c...

CVE-2026-44728 Improper Control of Generation of Code when compiling specifically crafted malicious code with @babel/plugin-transform-modules-systemjs

Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed in 7.29.4 and...

CVE-2026-44728 Improper Control of Generation of Code when compiling specifically crafted malicious code with @babel/plugin-transform-modules-systemjs

Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed in 7.29.4 and...

CVE-2026-44728

CVE-2026-44728 affects Babel, a JavaScript compiler. Vulnerability occurs when compiling code that is specifically crafted by an attacker, enabling output code to execute arbitrary code. Affects Babel versions 7.12.0 through before 7.29.4 and 8.0.0-alpha.13. Root cause is the generation of advers...

kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xfrm: fixed the refcount leak in xfrmmigratepolicyfind Syzkaller reported a memory leak in xfrmpolicyalloc: BUG: Memory leak Unreferenced object 0xffff888114d79000 size 1024: comm “syz.1.17”, pid 931 … xfrmpolicyalloc+0xb3/0x4b0...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: xfrm: fixed a slab-use-after-free issue in decodeSession6 When the xfrm device is set to the qdisc of the sfb type, the cb field of the sentskb may be modified during enqueuing. This can lead to a slab-use-after-free when the xfr...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a slab-out-of-bounds issue in smb2allocaterspbuf. If -ProtocolId is set to SMB2 TRANSFORMPROTONUM, the validation of the request size could be skipped. If the request size is smaller than sizeofstruct smb2queryinfore...