OpenAM Account Takeover via Unverified Password Change in OAuth2 Module

Summary Description An Unverified Password Change CWE-620 and Use of Weak Credentials CWE-1391 issue in OpenAM's OAuth2 authentication module silently rewrites a local user's password to the literal string of their username on OAuth2 re-login of an existing account. The default ldapService chain...

OpenAM Authentication Bypass via MSISDN LDAP Injection

Summary Description An LDAP Injection CWE-90 vulnerability in the MSISDN authentication module allows an unauthenticated, remote attacker to obtain an arbitrary OpenAM session without a password in the default trusted gateway configuration. This impacts OpenAM Community Edition through version...

fluent-plugin-opentelemetry Has Denial of Service (DoS) via Large Payloads and Decompression Bombs in `in_opentelemetry`

The fluent-plugin-opentelemetry plugin specifically the inopentelemetry HTTP input lacked strict size limits on incoming requests. It was discovered that the plugin read the entire request body and decompressed payloads into memory without enforcing maximum size thresholds. If the OpenTelemetry...

fluent-plugin-s3 Vulnerable to Denial of Service (DoS) via Decompression Bomb in `in_s3`

The fluent-plugin-s3 plugin specifically the ins3 input plugin supports reading and decompressing heavily compressed files such as gzip, lzma2, and lzop from Amazon S3. It was discovered that the plugin read the entire decompressed payload into memory at once without enforcing a strict size limit...

Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`

The outhttp output plugin allows the use of placeholders such as $tag in the endpoint configuration parameter. It was discovered that if the placeholder value is derived from untrusted user input, an attacker can maliciously control the destination hostname of the outbound HTTP requests made by...

Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`

Fluentd's inhttp and inforward plugins support receiving gzip-compressed data. While Fluentd correctly enforces size limits on the incoming compressed payloads e.g., via bodysizelimit or chunksizelimit, it was discovered that there is no limit enforced on the size of the decompressed data. If a...

Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API

Fluentd's Monitor Agent plugin inmonitoragent exposes internal metrics and plugin information via a REST API. It was discovered that the API response /api/plugins.json and related endpoints unintentionally includes internal instance variables of loaded plugins. If any plugins store sensitive...

Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder

Fluentd allows dynamically constructing file paths using the $tag placeholder. It was discovered that validation for this placeholder was insufficient. If a Fluentd instance is configured to receive logs from untrusted sources and uses the $tag placeholder in file configurations such as the path...

ImageMagick has a Use-After-Free when allocation in CheckPrimitiveExtent fails

When an allocation fails in CheckPrimitiveExtent this can result in a heap-use-after-free and result in a crash...

CVE-2026-45195

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses...

K000161933: Spring Framework vulnerability CVE-2026-41853

Security Advisory Description Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. CVE-2026-41853 Impact There is no impact; F5 products...

K000161932: Spring Framework vulnerability CVE-2026-41842

Security Advisory Description Spring MVC and WebFlux applications are vulnerable to Denial of Service DoS attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. CVE-2026-41842 Impact There...

Malicious code in @immobiliarelabs/backstage-plugin-gitlab-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 096fc86987f4a25a5fb6572968e0c7309d71ed3e6ab16c239427de98c7d30ae7 The package ships a binding.gyp at the package root whose contents use GYP command-expansion syntax !... inside its targets/sources fields. npm...

Malicious code in @immobiliarelabs/backstage-plugin-ldap-auth-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbe41ed7d4257171c43c1047d7fde036575b57305b26d18cec61d1f1a20d33b1 The package ships a binding.gyp at the package root containing GYP command-expansion syntax !... in its sources/targets configuration binding.gyp lin...

Malicious code in @immobiliarelabs/backstage-plugin-ldap-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e447b204a3dbe39ad2390ad721dfc14f32b64e2c27d8b4efaf99a27e9cde7b92 The package ships a binding.gyp at the tarball root that contains GYP command-expansion syntax !... / !@... in its sources/targets configuration...

Malicious code in @immobiliarelabs/backstage-plugin-gitlab (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00eb86df154a9532085ad285ee63cd4c4f9a95a6fe983b9930cd059dfb4cb3f5 The package ships a binding.gyp at the package root whose targets/sources fields contain GYP command-expansion syntax !... at line 6. npm implicitly...

CVE-2026-45195 GPU DDK - rgxfw_set_mips_fault_address(&psInit->sFaultPhysAddr) is untrusted

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses...

CVE-2026-45195

The CVE-2026-45195 entry describes a vulnerability in kernel software running inside a Host VM that can post improper commands to the GPU firmware, enabling memory reads/writes outside the host kernel’s permitted range. The issue arises from addresses passed to the GPU firmware that can be used f...

EUVD-2026-39787

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses...

CVE-2026-45195

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses...