RLSA-2026:19372 Critical: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 For more details about the security issues, including the impact, a CVSS...

RHSA-2026:19372 Red Hat Security Advisory: nginx:1.26 security update

Bulletin has no description...

Critical: Red Hat Security Advisory: nginx:1.26 security update

An update for the nginx:1.26 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Critical: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 For more details about the security issues, including the impact, a CVSS...

RHSA-2026:15966 Red Hat Security Advisory: nginx:1.26 security update

Bulletin has no description...

go1.26-1.26.3-1.1 on GA media (moderate)

go1.26-1.26.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10741-1 Rating: moderate Cross-References: CVE-2026-33811 CVE-2026-33814 CVE-2026-39817 CVE-2026-39819 CVE-2026-39820 CVE-2026-39823 CVE-2026-39825 CVE-2026-39826 CVE-2026-39836 CVE-2026-42499 CVE-2026-42501 CVSS scores: CVE-2026-338...

OPENSUSE-SU-2026:10741-1 go1.26-1.26.3-1.1 on GA media

These are all security issues fixed in the go1.26-1.26.3-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-6812

The CVE-2026-6812 entry concerns the Ona theme for WordPress. A Server-Side Request Forgery (SSRF) is possible in all versions up to and including 1.26 via ona_activate_child_theme, enabling authenticated attackers with administrator-level access to make outbound requests from the web application...

CVE-2026-6812 Ona <= 1.26 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'download_link' Parameter

The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the onaactivatechildtheme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...

MiracleLinux 9 : nginx:1.26 (AXSA:2026-457:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-457:01 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification...

RHSA-2026:7343 Red Hat Security Advisory: nginx:1.26 security update

Bulletin has no description...

OPENSUSE-SU-2026:10525-1 go1.26-1.26.2-1.1 on GA media

These are all security issues fixed in the go1.26-1.26.2-1.1 package on the GA media of openSUSE Tumbleweed...

RockyLinux 9 : nginx:1.26 (RLSA-2026:7343)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7343 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification via...

CVE-2026-30892 Crun incorrectly parses `crun exec` option `-u`, leading to privilege escalation

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

PT-2026-27890

Name of the Vulnerable Software and Affected Versions Tasty Daily versions prior to 1.27 Description An issue exists in Tasty Daily that allows for object injection due to deserialization of untrusted data. This could potentially allow an attacker to inject malicious objects. Recommendations Upda...

RHSA-2026:4235 Red Hat Security Advisory: nginx:1.26 security update

Bulletin has no description...

nginx:1.26 security update

2:1.26.3-2.0.1 - Require oracle-indexhtml...

RockyLinux 9 : nginx:1.26 (RLSA-2026:4235)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:4235 advisory. nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 Tenable has extracted the preceding description block directly...

OPENSUSE-SU-2026:10299-1 go1.26-1.26.1-1.1 on GA media

These are all security issues fixed in the go1.26-1.26.1-1.1 package on the GA media of openSUSE Tumbleweed...

Fedora 43 : delve (2025-3591ae9dd3)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-3591ae9dd3 advisory. Support for Go 1.26 and security fixes. Upstream release notes. Tenable has extracted the preceding description block directly from the Fedora...