
20388 matches found

Oracle linux
added 2026/04/07 12:0 a.m., 5 views

gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update

gstreamer1-plugins-bad-free 1.16.1-6.0.1 - Update origin URL Orabug: 36209826 1.16.1-6 - Add patch for CVE-2026-3082 Resolves: RHEL-156202 gstreamer1-plugins-base 1.16.1-6.0.1 - Update origin URL Orabug: 36209826 1.16.1-6 - Add patch for CVE-2026-2921 Resolves: RHEL-156169 gstreamer1-plugins-good...

CVSS 8.8, AI score 7.1, EPSS 0.00838
Exploits: 0

RedhatCVE
added 2026/04/06 10:59 p.m., 3 views

CVE-2026-4272

Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse. This issue affects Handheld Scanners: from C1 BaseIngenic x1000 before GK000432BAA, from D1 BaseIngenic x1600 before HE000085BAA, from A1/B1 BaseIMX25 before...

CVSS 8.1, AI score 6, EPSS 0.00453
Exploits: 0, References: 1

RedhatCVE
added 2026/04/06 10:57 a.m., 3 views

CVE-2026-34936

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough and apassthrough in praisonai accept a caller-controlled api_base parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL schem...

CVSS 7.7, AI score 5.8, EPSS 0.00337
Exploits: 1, References: 1

EUVD
added 2026/04/06 12:30 a.m., 3 views

EUVD-2026-19128

Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse. This issue affects Handheld Scanners: from C1 BaseIngenic x1000 before GK000432BAA, from D1 BaseIngenic x1600 before HE000085BAA, from A1/B1 BaseIMX25 before...

CVSS 8.1, AI score 6, EPSS 0.00453
Exploits: 0, References: 1

OpenVAS
added 2026/04/06 12:0 a.m., 4 views

Fedora: Security Advisory (FEDORA-2026-5e16254ca6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 5.9
Exploits: 0, References: 2

Tenable Nessus
added 2026/04/06 12:0 a.m., 2 views

RockyLinux 8 : 389-ds:1.4 (RLSA-2026:5513)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:5513 advisory. 389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow CVE-2025-14905 Tenable has extracted the preceding description bloc...

CVSS 7.2, AI score 6.2, EPSS 0.01038
Exploits: 0, References: 3

Positive Technologies
added 2026/04/06 12:0 a.m., 5 views

PT-2026-30759

Impact: PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a partition ID could cause files to be written outside the configured...

CVSS 6.5, AI score 5.9, EPSS 0.00427
Exploits: 0, References: 8

ATTACKERKB
added 2026/04/05 10:0 p.m., 1 views

CVE-2026-4272

Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse. This issue affects Handheld Scanners: from C1 BaseIngenic x1000 before GK000432BAA, from D1 BaseIngenic x1600 before HE000085BAA, from A1/B1 BaseIMX25 before...

CVSS 8.1, AI score 6, EPSS 0.00453
Exploits: 0, References: 2

Vulnrichment
added 2026/04/05 10:0 p.m., 1 views

CVE-2026-4272 - Bluetooth Remote Execution of System Commands Vulnerability

Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse. This issue affects Handheld Scanners: from C1 BaseIngenic x1000 before GK000432BAA, from D1 BaseIngenic x1600 before HE000085BAA, from A1/B1 BaseIMX25 before...

CVSS 8.1, AI score 6, EPSS 0.00453
Exploits: 0, References: 1

CVE
added 2026/04/05 10:0 p.m., 10 views

CVE-2026-4272

CVE-2026-4272 concerns a Missing Authentication for Critical Function in Honeywell Handheld Scanners. Affected are certain Handheld Scanner bases (C1, D1, A1/B1) with specific firmware/builds; vulnerable component Scope includes Ingenic x1000/x1600/IMX25 bases before listed GK/HE/BK firmware IDs....

CVSS 8.1, AI score 6, EPSS 0.00453
Exploits: 0, References: 1

Fedora
added 2026/04/05 1:0 a.m., 5 views

[SECURITY] Fedora 42 Update: mingw-gstreamer1-plugins-base-1.26.11-1.fc42

GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...

CVSS 8.8, AI score 7.1, EPSS 0.00838
Exploits: 0

Fedora
added 2026/04/05 12:55 a.m., 5 views

[SECURITY] Fedora 43 Update: mingw-gstreamer1-plugins-base-1.26.11-1.fc43

GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...

CVSS 8.8, AI score 7.1, EPSS 0.00838
Exploits: 0

Tenable Nessus
added 2026/04/05 12:0 a.m., 9 views

AlmaLinux 10 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (ALSA-2026:6259)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:6259 advisory. GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer: GStreamer: Remote Code Execution via heap-based buffer...

CVSS 8.8, AI score 7.9, EPSS 0.00838
Exploits: 0, References: 9

OSV
added 2026/04/04 10:6 a.m., 3 views

RHSA-2026:6300 Red Hat Security Advisory: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

Bulletin has no description...

CVSS 8.8, AI score 7.1, EPSS 0.00838
Exploits: 0, References: 44

Github Security Blog
added 2026/04/04 6:41 a.m., 8 views

pyLoad: SSRF filter bypass via HTTP redirect in BaseDownloader (Incomplete fix for CVE-2026-33992)

Summary: The fix for CVE-2026-33992 GHSA-m74m-f7cr-432x added IP validation to BaseDownloader.download that checks the hostname of the initial download URL. However, pycurl is configured with FOLLOWLOCATION=1 and MAXREDIRS=10, causing it to automatically follow HTTP redirects. Redirect targets are...

CVSS 9.3, AI score 6, EPSS 0.00397
Exploits: 2, References: 5, Affected Software: 1

Tenable Nessus
added 2026/04/04 12:0 a.m., 3 views

Oracle Linux 9 : gstreamer1-plugins-bad-free, / gstreamer1-plugins-base, / gstreamer1-plugins-good, / and / gstreamer1-plugins-ugly-free (ELSA-2026-6300)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6300 advisory. - fix for CVE-2026-2923, CVE-2026-3082 Resolves: RHEL-156231, RHEL-156248 gstreamer1-plugins-base - Apply patch for CVE-2026-2921 Resolves: RHEL-156241...

CVSS 8.8, AI score 7.2, EPSS 0.00838
Exploits: 0, References: 8

Vulnrichment
added 2026/04/03 10:50 p.m., 0 views

CVE-2026-34936 PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough and apassthrough in praisonai accept a caller-controlled api_base parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL schem...

CVSS 7.7, AI score 5.8, EPSS 0.00337
Exploits: 1, References: 1

Cvelist
added 2026/04/03 10:50 p.m., 18 views

CVE-2026-34936 PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough and apassthrough in praisonai accept a caller-controlled api_base parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL schem...

CVSS 7.7, EPSS 0.00337
Exploits: 1, References: 1

Fedora
added 2026/04/03 5:4 p.m., 7 views

[SECURITY] Fedora 42 Update: gstreamer1-plugins-base-1.26.11-1.fc42

GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...

AI score 5.9
Exploits: 0

CVE
added 2026/04/03 3:15 p.m., 11 views

CVE-2026-23438

In the Linux kernel mvpp2 driver, CVE-2026-23438 arises from an unconditional access to CM3 flow control via mvpp2_cm3_read()/mvpp2_cm3_write() in mvpp2_bm_switch_buffers(), when priv->cm3_base is NULL (e.g., CM3 SRAM not present in device tree). This can crash the kernel on MTU changes that c...

CVSS 5.5, AI score 5.8, EPSS 0.00123
Exploits: 0, References: 7, Affected Software: 1