CLSA-2025-1762538558 containernetworking-plugins: Fix of 13 CVEs

rebuild with newer golang to fix multiple security vulnerabilities: - CVE-2023-24534: fix HTTP/2 rapid reset attack leading to denial of service - CVE-2023-29400: fix HTTP/2 frame processing panic leading to denial of service - CVE-2022-41725: fix HTTP/2 server connection handling causing...

Memory Forensics Techniques for Automated Detection and Analysis of Go Malware

The Go programming language has become increasingly popular among malware developers due to its ability to produce statically linked, cross-platform executables that challenge traditional analysis techniques. These binaries embed a substantial runtime and compiler-generated metadata and are...

CVE-2026-43885

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints e.g. userslist without logging in. Commit 1c36f229d0a103528fb9f64d0a1cc0e1e8f5999b contains an...

CVE-2026-45181

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation via argument injection, which allows attackers to place their code into a plugins directory if the victim uses an attacker-supplied .i64 file...

[SECURITY] Fedora 43 Update: nextcloud-33.0.3-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

WWBN AVideo 信息泄露漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain an information leakage vulnerability. This vulnerability arises because unverified users can read the APISecret from objects/plugins.json.php and use it ...

WordPress plugin Custom css-js-php 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

CVE-2026-45181

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation via argument injection, which allows attackers to place their code into a plugins directory if the victim uses an attacker-supplied .i64 file...

GHSA-PMWQ-PJRM-6P5R vulnerabilities

Vulnerabilities for packages: neuvector-sigstore-interface-fips, trivy-operator, neuvector-sigstore-interface, guac, cosign, trivy-operator-fips, gitsign, falcoctl, crossplane-fips, kyverno-notation-aws-fips, livekit-cli, buildkitd, docker-compose-fips, ko, tekton-chains-fips, tekton-chains,...

Unity Linux 20.1070e Security Update: gstreamer1-plugins-good (UTSA-2026-017385)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017385 advisory. Integer overflow in matroskademux element in gstmatroskademuxaddwvpkheader function which allows a heap overwrite while parsing matroska files. Potential for arbitra...

Unity Linux 20.1070e Security Update: gstreamer1-plugins-good (UTSA-2026-017384)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017384 advisory. DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gstmatroskadecompressdata function which...

Unity Linux 20.1070e Security Update: gstreamer1-plugins-good (UTSA-2026-017386)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017386 advisory. DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemuxinflate function which causes a segfault, or could...

Electerm runWidget has a path traversal that leads to arbitrary code execution

Impact The runWidget function in src/app/widgets/load-widget.js constructs a file path by directly concatenating user‑supplied widget identifiers without any sanitisation: javascript const file = widget-$widgetId.js const widget = requirepath.joindirname, file Because runWidget is exposed to the...

GHSA-F77V-9VPC-6PJM Electerm runWidget has a path traversal that leads to arbitrary code execution

Impact The runWidget function in src/app/widgets/load-widget.js constructs a file path by directly concatenating user‑supplied widget identifiers without any sanitisation: javascript const file = widget-$widgetId.js const widget = requirepath.joindirname, file Because runWidget is exposed to the...

Oracle Linux 7 : gstreamer1-plugins-bad-free, / gstreamer1-plugins-base, / and / gstreamer1-plugins-good (ELSA-2026-7673)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7673 advisory. - Security update for CVE-2026-3082 Orabug: 39199326 gstreamer1-plugins-base - Security update for CVE-2026-2921 Orabug: 39199326 - Fixed...

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the Plugins::add process. An attacker can execute arbitrary code, overwrite sensitive files, and gain full control of the server by uploading a specially crafted ZIP archive containing file paths with directory...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 27, 2026 to May 3, 2026)

Last week, there were 87 vulnerabilities disclosed in 198 WordPress Plugins and 5 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 61 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...

[SECURITY] Fedora 44 Update: dovecot-2.4.3-2.fc44

Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the REST layer when processing malformed HTTP requests. An attacker can gain unauthorized access to restricted API endpoints by crafting specially formed HTTP requests. This is only exploitable if custom plugi...

GHSA-83X9-VC3C-HGHC OpenSearch has a bypass of REST Layer Authorization Using Malformed Paths

Description A flaw was identified in the OpenSearch REST layer that could allow authorization checks to be bypassed when processing certain malformed HTTP requests. This could permit unauthorized access to restricted API endpoints in environments that rely on REST-layer authorization...