Critical: nginx:1.24 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 For more details about the security issues, including the impact, a CVSS...

Moderate: systemd security update

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...

PT-2026-41930

Name of the Vulnerable Software and Affected Versions ModelScope version 1.25.0 Description An issue allows attackers to execute arbitrary code through a crafted module specified in the configuration file 'dey mini.yaml' under the key 'nnet''module'. Recommendations At the moment, there is no...

EUVD-2025-209897

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...

CVE-2025-51427

ModelScope 1.25.0 is affected by CVE-2025-51427. The issue allows arbitrary code execution via a crafted module listed in the deployment’s configuration file (dey_mini.yaml) under the key ['nnet']['module']. The root cause is a unsafe module loading path in the configuration, enabling an attacker...

ALSA-2026:19187 Moderate: compat-openssl11 security update

The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases. Security Fixes: openssl: OpenSSL: Arbitrary code execution due to...

ALSA-2026:19359 Important: openexr security update

OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fixes:...

RHEL 9 : openexr (RHSA-2026:19359)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19359 advisory. OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents ...

RockyLinux 10 : nginx (RLSA-2026:18063)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18063 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...

nginx:1.24 security update

1.24.0-3.0.1.1 - Remove Red Hat references Orabug: 29498217 1:1.24.0-3.1 - Resolves: RHEL-176224 - nginx:1.24/nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 1:1.24.0-3 - Resolves: RHEL-157877 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of Service or Code Execution via...

ALSA-2026:19371 Critical: nginx:1.24 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 For more details about the security issues, including the impact, a CVSS...

ALSA-2026:19180 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer:...

ALSA-2026:19150 Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 For more details about the security issues,...

CVE-2025-51427

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...

CVE-2025-51427

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...

ALSA-2026:19159 Critical: nginx security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 For more details about the security issues, including the impact, a CVSS...

OpenHarmony 资源管理错误漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contained a resource management vulnerability that allowed attackers to execute arbitrary code...

CVE-2026-30117

scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...

RHEL 9 : LibRaw (RHSA-2026:19345)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19345 advisory. LibRaw is a library for reading RAW files obtained from digital photo cameras CRW/CR2, NEF, RAF, DNG, and others. Security Fixes: LibRaw:...

Linux Distros Unpatched Vulnerability : CVE-2026-8975

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume tha...