openSUSE 16 : Recommended update for shim (SUSE-SU-openSUSE-RU-2026:20325-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU- openSUSE-RU-2026:20325-1 advisory. This update for shim fixes the following issues: shim is updated to version 16.1: - shimstartimage: fix guid/handle pairing when uninstalling...

org.webjars.npm:g-status (=2.0.2), org.webjars.npm:graphql-toolkit__git-loader (=0.7.5) potentially affected by CVE-2022-25912 +1 more via org.webjars.npm:simple-git (>=1.129.0 <=1.132.0)

org.webjars.npm:simple-git MAVEN version =1.129.0, =1.132.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:simple-git and may be impacted: - org.webjars.npm:g-status =2.0.2 - org.webjars.npm:graphql-toolkitgit-loader =0.7.5 Source cves...

Fedora 44 : gimp (2026-b930e5c133)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b930e5c133 advisory. This is a security update fixing the loader for PSD files. Tenable has extracted the preceding description block directly from the Fedora security advisory...

Fedora 42 : gimp (2026-aecd3809f1)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-aecd3809f1 advisory. This is a security update fixing the loader for PSD files. Tenable has extracted the preceding description block directly from the Fedora security advisory...

@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects

A cross site scripting flaw has been discovered in the npm react-router and @remix-run/router packages. React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintend...

BIT-PYTHON-2026-2297 SourcelessFileLoader does not use io.open_code()

The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : GIMP vulnerabilities (USN-8075-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8075-1 advisory. Michael Randrianantenaina discovered that calculating the linear size of a DDS file could overflow on...

Medium: qt5-qt3d

Issue Overview: A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument tmp...

Medium: gimp

Issue Overview: GIMP: PSD loader: heap-buffer-overflow in freadpascalstring no null terminator CVE-2026-2239 An integer overflow vulnerability has been identified in the PSP Paint Shop Pro file parser of GIMP. The issue occurs in the readcreatorblock function, where the Creator metadata block is...

Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2026-011 (ALASGIMP-2026-011)

The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2GIMP-2026-011 advisory. GIMP: PSD loader: heap-buffer-overflow in freadpascalstring no null terminator CVE-2026-2239 An integer overflow...

Linux Distros Unpatched Vulnerability : CVE-2026-2297

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode...

SUSE-RU-2026:20683-1 Recommended update for shim

This update for shim fixes the following issues: This update for shim fixes the following issues: shim is updated to version 16.1: - shimstartimage: fix guid/handle pairing when uninstalling protocols - Fix uncompressed ipv6 netboot - fix test segfaults caused by uninitialized memory -...

OPENSUSE-RU-2026:20325-1 Recommended update for shim

This update for shim fixes the following issues: This update for shim fixes the following issues: shim is updated to version 16.1: - shimstartimage: fix guid/handle pairing when uninstalling protocols - Fix uncompressed ipv6 netboot - fix test segfaults caused by uninitialized memory -...

APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine

Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow. "The attack chain initiates with a phishing email containing a link to a ZIP archive. Once extracted, ...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : shim (SUSE-SU-2026:0741-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0741-1 advisory. shim is updated to version 16.1: - shimstartimage: fix guid/handle pairing when uninstalling protocols -...

AZL-79413 CVE-2026-2297 affecting package python3 3.9.19-19

The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...

ALPINE-CVE-2026-2297

The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...

CVE-2026-2297

The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...

AZL-79491 CVE-2026-2297 affecting package tensorflow 2.16.1-11

The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...

CVE-2026-2297

The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...