Debian dla-4474 : librlottie-dev - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4474 advisory. Debian LTS Advisory DLA-4474-1...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005314)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005314 advisory. Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a...
Medium: libpng
Issue Overview: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced...
CVE-2025-70791
Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...
CVE-2026-25161
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains a path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...
n8n Merge Node has Arbitrary File Write leading to RCE
Impact: A vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem, potentially leading to remote code execution. Patches: The issue has been fixed in n8n version 2.4.0, 1.118.0...
PT-2026-6327
Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.3. Description: iccDEV is a set of libraries and tools for interacting with ICC color management profiles. A heap buffer overflow read exists in the CIccIO::WriteUInt16Float function when converting malformed XML t...
EUVD-2026-5209
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script...
PT-2026-6227
Name of the Vulnerable Software and Affected Versions: Brainstorm Force Sigmize versions n/a through 0.0.9. Description: A Cross-Site Request Forgery (CSRF) issue exists in Brainstorm Force Sigmize sigmize, allowing attackers to perform actions on behalf of authenticated users. This occurs because the...
Fedora 43 : nodejs24 (2026-5cd409edfa)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-5cd409edfa advisory. Update to version 24.13.0. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
PT-2026-5410
Name of the Vulnerable Software and Affected Versions: fast-xml-parser versions 4.3.6 through 5.3.3. Description: fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.3.6 through 5.3.3, a...
TencentOS Server 4: libsndfile (TSSA-2026:0036)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0036 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues: Update to version 1.25.6 (released 2026-01-15) (jsc#SLE-18320, bsc#1244485). Security fixes: CVE-2025-4674 cmd/go: disable support for multiple vcs in one module (bsc#1246118). CVE-2025-47906 os/exec: LookPath bug: incorrect expansion of "", "." a...
ALSA-2026:1088 Important: python3.12-urllib3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
openSUSE Security Advisory (SUSE-SU-2026:0256-1)
The remote host is missing an update for the...
openSUSE 16 Security Update : go1.24 (openSUSE-SU-2026:20077-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20077-1 advisory. Update to go1.24.12 (released 2026-01-15) (bsc#1236217). Security fixes: - CVE-2025-61730: crypto/tls: handshake messages may be processed at the...
CVE-2026-24411 iccDEV has Undefined Behavior and Null Pointer Dereference in CIccTagXmlSegmentedCurve::ToXml()
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml. This occurs when user-controllable input is unsafely incorporated into ICC profile data or oth...
SUSE SLES16 Security Update : cargo-c (SUSE-SU-2026:20096-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20096-1 advisory. - CVE-2025-4574: crossbeam-channel: Fixed double-free on drop in Channel::discard_all_messages (bsc#1243179) - CVE-2025-58160:...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.25 (SUSE-SU-2026:0218-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0218-1 advisory. Update to go1.25.6 (released 2026-01-15) (bsc#1244485). Security fixes: - CVE-2025-61730: crypto/tls:...
SUSE SLED15: libldap-2_5-0 / openldap2_5 / openldap2_5-client / etc (SUSE-SU-2026:0256-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0256-1 advisory. Security fixes: - CVE-2026-22185: Fixed possible crash in malicious DB (bsc#1256297). Other fixes: - Update t...