Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.10.3 security update

The multicluster engine for Kubernetes 2.10 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.10 images The multicluster engine for Kubernetes provides the foundational components that a...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.21 CNF IBU extras update

An update for ibu components is available for Red Hat OpenShift Container Platform 4.21. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the extra ibu container...

CVE-2026-10285

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

CVE-2026-35401

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...

Restricted page for a user is getting displayed in "Recently Updated" macro.

h3. Issue Summary Restricted page for a user is getting displayed in "Recently Updated" macro. h3. Steps to Reproduce In confluence 10.2.x create 3 normal users user01, user02, user03. Create a sample space using admin user. Create a page using admin user and add "Recently Updated" macro. Switch ...

Malicious Package

Overview fflc-updated is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

CVE-2026-10285

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

PT-2026-45550

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

OPENSUSE-SU-2026:20850-1 Security update for evince

This update for evince fixes the following issues: Changes in evince: - Update to version 48.2 bsc1265880 CVE-2026-46529: + shell: Quote strings in arguments used when calling evspawn - Update to version 48.1+6: + build: bump DjVuLibre version required + libview: Fix crash in the accessible code...

Important: Red Hat Security Advisory: RHACS 4.9.7 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

Security Bulletin: NVIDIA Isaac Launchable - May 2026

NVIDIA has released a software update for NVIDIA® Isaac Launchable. To protect your system, download and install the latest version of Isaac Launchable. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this security update addresses and thei...

SUSE-SU-2026:21897-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues Security issue: - CVE-2025-35979: data leaks fixed in 20260512 release bsc1265189. Non security issues: - TW 20250826 Kernel 6.16.3 tainted with value of 4 after reboot. bsc1249138. - Intel CPU Microcode was updated to the 20260512 release...

SUSE-SU-2026:21725-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues Security issue: - CVE-2025-35979: data leaks fixed in 20260512 release bsc1265189. Non security issues: - TW 20250826 Kernel 6.16.3 tainted with value of 4 after reboot. bsc1249138. - Intel CPU Microcode was updated to the 20260512 release...

Critical: Red Hat Security Advisory: RHOAI 3.3.3 - Red Hat OpenShift AI

Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 3.3.3 provides these changes:...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: usb: typec: fixed a potential out-of-bounds error in ucsiccgupdatesetnewcamcmd The "cmd" variable can be controlled by the user via debugfs. This means that "newcam" can be as high as 255, while the size of the uc-updated array i...

CI4MS: Stored XSS in Pages Module Content via Broken html_purify Validation Rule

Summary The Pages backend module registers the htmlpurify validation rule on language-keyed page content but persists the raw, un-purified POST value into the database. The public renderer for pages Home::index → app/Views/templates/default/pages.php emits $pageInfo-content without esc, yielding...

GHSA-HP26-Q66V-Q2W7 FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment

Summary A Mass Assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assistant resource. Due to missing server-side validation...

FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment

Summary A Mass Assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assistant resource. Due to missing server-side validation...

FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment

Summary A Mass Assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate, and updatedDate when updating a chatflow object. Due to missing server-side...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the /api/v1/variables endpoint. A user can modify internal attributes such as workspaceId, createdDate, and updatedDate by...