6663 matches found

OpenVAS
added 2026/01/06 12:00 a.m., 2 views

SUSE: Security Advisory (SUSE-SU-2026:0022-1)

The remote host is missing an update for the...

7.5 CVSS, 6.8 AI score, 0.00794 EPSS
Exploits 0, References 7
CVE
added 2026/01/05 9:59 p.m., 15 views

CVE-2025-68455

CVE-2026-25498 is a Craft CMS RCE issue exploiting assembleLayoutFromPost() in fmt/src/services/Fields.php, where un-sanitized user configuration data passed to Craft::createObject() enables authenticated admins to inject dangerous Yii2 behavior and execute commands. Affected: Craft 4.x up to 4.1...

8.6 CVSS, 8.1 AI score, 0.00812 EPSS
Exploits 1, References 5, Affected Software 1
EUVD
added 2026/01/05 4:47 p.m., 3 views

EUVD-2026-0828

A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the UniFi Protect Application Version 6.1.79 and earlier. Affected Products: UniFi Protect Application Version 6.1.79 and earlier...

8.8 CVSS, 6.2 AI score, 0.00401 EPSS
Exploits 0, References 2
Vulnrichment
added 2026/01/05 4:47 p.m., 6 views

CVE-2026-21633

A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the UniFi Protect Application Version 6.1.79 and earlier. Affected Products: UniFi Protect Application Version 6.1.79 and earlier...

8.8 CVSS, 6.4 AI score, 0.00401 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/01/05 12:00 a.m., 11 views

PT-2026-1214

Name of the Vulnerable Software and Affected Versions: The Team WordPress plugin versions prior to 5.0.11. Description: The Team WordPress plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. This allows unauthenticated users to potentially...

8.6 CVSS, 7.9 AI score, 0.0156 EPSS
Exploits 1, References 11
Positive Technologies
added 2026/01/05 12:00 a.m., 4 views

PT-2026-1296

Name of the Vulnerable Software and Affected Versions: SaasProject Booking Package versions through 1.6.27. Description: An issue exists in SaasProject Booking Package related to improper validation of specified quantity in input, potentially allowing access to functionality not properly constrained...

7.5 CVSS, 6.6 AI score, 0.00224 EPSS
Exploits 0, References 4
Positive Technologies
added 2026/01/05 12:00 a.m., 5 views

PT-2026-1308

Name of the Vulnerable Software and Affected Versions: UniFi Protect Application versions 6.1.79 and earlier. Description: A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the UniFi...

8.8 CVSS, 6.5 AI score, 0.00401 EPSS
Exploits 0, References 13
Positive Technologies
added 2026/01/05 12:00 a.m., 4 views

PT-2026-1270

Name of the Vulnerable Software and Affected Versions: WPweb Follow My Blog Post versions through 2.4.0. Description: An authorization issue exists in WPweb Follow My Blog Post, allowing exploitation due to incorrectly configured access control security levels. Recommendations: Update WPweb Follow My...

7.5 CVSS, 6.6 AI score, 0.00242 EPSS
Exploits 0, References 4
Positive Technologies
added 2026/01/05 12:00 a.m., 8 views

PT-2026-1326

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.445. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters from docker-compose.yaml files are not properly sanitized when...

9.6 CVSS, 7.7 AI score, 0.00619 EPSS
Exploits 1, References 11
Positive Technologies
added 2026/01/05 12:00 a.m., 4 views

PT-2026-1262

Name of the Vulnerable Software and Affected Versions: AA-Team Premium SEO Pack versions through 3.3.2. Description: The software contains a flaw related to the improper handling of special characters within SQL commands, which could lead to SQL Injection. The issue allows manipulation of SQL querie...

8.5 CVSS, 7 AI score, 0.00215 EPSS
Exploits 0, References 7
Positive Technologies
added 2026/01/05 12:00 a.m., 4 views

PT-2026-1268

Name of the Vulnerable Software and Affected Versions: Brecht Custom Related Posts versions through 1.8.0. Description: A flaw exists in Brecht Custom Related Posts that allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. Recommendations: Upda...

7.5 CVSS, 6.3 AI score, 0.0025 EPSS
Exploits 0, References 4
Amazon
added 2026/01/05 12:00 a.m., 6 views

Important: kernel-livepatch-5.10.245-241.976

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/ip6tunnel: Prevent perpetual tunnel growth (CVE-2025-40173). Affected Packages: kernel-livepatch-5.10.245-241.976. Issue Correction: Please ensure you have live patching enabled. Run yum update...

6.6 AI score, 0.00171 EPSS
Exploits 0
OpenVAS
added 2026/01/05 12:00 a.m., 2 views

Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2026-1006)

The remote host is missing an update for the Huawei EulerOS...

7.7 CVSS, 8.9 AI score, 0.73495 EPSS
Exploits 3, References 2
Positive Technologies
added 2026/01/04 12:00 a.m., 7 views

PT-2026-1189

Name of the Vulnerable Software and Affected Versions: CRMEB versions prior to 5.6.2. Description: A flaw exists in CRMEB that could allow for remote code execution. The issue stems from improper handling of the cate id argument when processing files through the /adminapi/product/product export API...

5.8 CVSS, 8.4 AI score, 0.00329 EPSS
Exploits 1, References 9
Positive Technologies
added 2026/01/02 12:00 a.m., 4 views

PT-2026-1111

Name of the Vulnerable Software and Affected Versions: Plex Media Server versions prior to 2025-12-31. Description: A non-server device token can retrieve share tokens via the shared servers endpoint. These share tokens are intended for unrelated access. Recommendations: Update Plex Media Server to a...

8.5 CVSS, 6.6 AI score, 0.00537 EPSS
Exploits 1, References 5
Positive Technologies
added 2026/01/02 12:00 a.m., 5 views

PT-2026-1088

Name of the Vulnerable Software and Affected Versions: QNAP versions prior to QTS 5.2.7.3256 build 20250913; QNAP versions prior to QuTS hero h5.2.7.3256 build 20250913; QNAP versions prior to QuTS hero h5.3.1.3250 build 20250912. Description: An out-of-bounds read issue exists in QNAP NAS operating...

6.9 CVSS, 6.6 AI score, 0.00285 EPSS
Exploits 0, References 5
Positive Technologies
added 2026/01/02 12:00 a.m., 4 views

PT-2026-1089

Name of the Vulnerable Software and Affected Versions: QNAP versions prior to QTS 5.2.7.3256 build 20250913; QNAP versions prior to QuTS hero h5.2.7.3256 build 20250913; QNAP versions prior to QuTS hero h5.3.1.3250 build 20250912. Description: A resource allocation issue exists in QNAP operating...

6.9 CVSS, 6.6 AI score, 0.003 EPSS
Exploits 0, References 5
Positive Technologies
added 2026/01/01 12:00 a.m., 5 views

PT-2026-2245

Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.6.0. Description: pypdf is a pure-python PDF library. Versions prior to 6.6.0 are susceptible to long runtimes when processing malformed startxref entries within PDF files. An attacker can create a specially crafted PDF...

6.9 CVSS, 6.6 AI score, 0.00391 EPSS
Exploits 0, References 16
Positive Technologies
added 2026/01/01 12:00 a.m., 5 views

PT-2026-1016

Name of the Vulnerable Software and Affected Versions: Signal K Server versions prior to 2.19.0. Description: Signal K Server is a server application used on boats. A Denial of Service (DoS) condition can occur in versions prior to 2.19.0. An unauthenticated attacker can crash the server by sending a...

7.5 CVSS, 6.7 AI score, 0.00519 EPSS
Exploits 1, References 10
OpenVAS
added 2026/01/01 12:00 a.m., 3 views

Debian: Security Advisory (DLA-4429-1)

The remote host is missing an update for the Debian...

7.5 CVSS, 6.6 AI score, 0.00552 EPSS
Exploits 3, References 2