
2221 matches found

Debian
added 2026/01/15 3:59 a.m. | 7 views

[SECURITY] [DSA 6100-1] chromium security update

Debian Security Advisory DSA-6100-1 [email protected] https://www.debian.org/security/ Andres Salomon January 14, 2026 https://www.debian.org/security/faq -...

9.8 CVSS | 7.6 AI score | 0.00382 EPSS
Exploits: 0

Positive Technologies
added 2026/01/15 12:0 a.m. | 7 views

PT-2026-3003

Name of the Vulnerable Software and Affected Versions Supreme Modules Lite versions prior to 2.5.63 Description The Supreme Modules Lite plugin for WordPress is susceptible to arbitrary file upload due to inadequate file type validation. The plugin incorrectly identifies JSON files, permitting...

8.8 CVSS | 6 AI score | 0.00505 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2026/01/15 12:0 a.m. | 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002195)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002195 advisory. Buffer overflow in virt/kvm/irqcomm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service crash and possibly execu...

6.9 CVSS | 7 AI score | 0.00521 EPSS
Exploits: 1 | References: 18

Tenable Nessus
added 2026/01/15 12:0 a.m. | 5 views

EulerOS 2.0 SP12 : openssl (EulerOS-SA-2026-1096)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and writ...

7.5 CVSS | 6.7 AI score | 0.01744 EPSS
Exploits: 0 | References: 2

OSV
added 2026/01/15 12:0 a.m. | 4 views

ALSA-2026:0700 Moderate: transfig security update

The transfig utility creates a makefile which translates FIG created by xfig or PIC figures into a specified LaTeX graphics language for example, PostScript™. Transfig is used to create TeX documents which are portable i.e., they can be printed in a wide variety of environments. Install transfig...

7.8 CVSS | 6.5 AI score | 0.00251 EPSS
Exploits: 1 | References: 4

Tenable Nessus
added 2026/01/14 12:0 a.m. | 4 views

MiracleLinux 4 : qemu-kvm-0.12.1.2-2.209.AXS4.4 (AXSA:2012-478:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-478:01 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines...

7.4 CVSS | 7.4 AI score | 0.02258 EPSS
Exploits: 2 | References: 4

Tenable Nessus
added 2026/01/14 12:0 a.m. | 6 views

MiracleLinux 3 : lftp-3.7.11-4.AXS3.3 (AXSA:2010-400:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-400:01 advisory. LFTP is a sophisticated ftp/http file transfer program. Like bash, it has job control and uses the readline library for input. It has bookmarks, built-in...

7.5 CVSS | 6.2 AI score | 0.03629 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/14 12:0 a.m. | 6 views

MiracleLinux 3 : glibc-2.5-81.7.0.1.AXS3 (AXSA:2012-928:05)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-928:05 advisory. The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make...

4.6 CVSS | 7.2 AI score | 0.00993 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/14 12:0 a.m. | 3 views

MiracleLinux 3 : freetype-2.2.1-28.0.1.AXS3 (AXSA:2010-460:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-460:03 advisory. The FreeType engine is a free and portable TrueType font rendering engine, developed to provide TrueType support for a variety of platforms and...

9.3 CVSS | 6.4 AI score | 0.06735 EPSS
Exploits: 1 | References: 5

RedhatCVE
added 2026/01/13 10:52 p.m. | 5 views

CVE-2026-22685

DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages NUPKG archives, DevToys does not sufficiently validate file paths contained within the...

8.8 CVSS | 7.2 AI score | 0.00392 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/13 12:0 a.m. | 5 views

PT-2026-2653

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 147 Thunderbird versions prior to 147 Firefox ESR versions prior to 140.7 Thunderbird ESR versions prior to 140.7 Description The software contains memory safety bugs that could potentially lead to arbitrary code...

9.8 CVSS | 5.7 AI score | 0.09348 EPSS
Exploits: 2 | References: 236

CVE
added 2026/01/10 5:43 a.m. | 18 views

CVE-2026-22685

DevToys (desktop app) has a path traversal vulnerability in its extension installation for versions 2.0.0.0–2.0.8.x, where processing NUPKG archives does not validate file paths, allowing crafted entries like ../../…/target-file to write outside the intended extensions directory. This could overw...

9.8 CVSS | 6.9 AI score | 0.00392 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/01/10 12:0 a.m. | 3 views

PT-2026-2227

Name of the Vulnerable Software and Affected Versions Fickling versions up to and including 0.1.6 Description Fickling, a Python pickling decompiler and static analyzer, incorrectly classifies pickles utilizing the cProfile.run function as SUSPICIOUS instead of OVERTLY MALICIOUS. This...

9.3 CVSS | 7.1 AI score | 0.0044 EPSS
Exploits: 1 | References: 8

Positive Technologies
added 2026/01/10 12:0 a.m. | 4 views

PT-2026-2240

Name of the Vulnerable Software and Affected Versions DevToys versions 2.0.0.0 through 2.0.8.0 Description DevToys, a desktop application for developers, contains a path traversal flaw in its extension installation process. When handling extension packages NUPKG archives, the application...

9.8 CVSS | 5.9 AI score | 0.00392 EPSS
Exploits: 0 | References: 15

RedhatCVE
added 2026/01/09 12:41 p.m. | 8 views

CVE-2023-25348

ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...

7.8 CVSS | 8.5 AI score | 0.00437 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 12:41 p.m. | 9 views

CVE-2023-25003

A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution...

7.8 CVSS | 7 AI score | 0.00251 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:41 p.m. | 10 views

CVE-2023-25004

A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution...

7.8 CVSS | 7.5 AI score | 0.00236 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:39 p.m. | 6 views

CVE-2023-29478

BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution...

9.8 CVSS | 7.1 AI score | 0.01671 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 12:31 p.m. | 10 views

CVE-2023-4300

The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution...

7.2 CVSS | 7.3 AI score | 0.01698 EPSS
Exploits: 2 | References: 1

RedhatCVE
added 2026/01/09 12:15 p.m. | 8 views

CVE-2018-1000217

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network...

9.8 CVSS | 7.2 AI score | 0.01753 EPSS
Exploits: 1 | References: 1