CVE-2026-33807 @fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopes

@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time,...

PT-2026-33034

Name of the Vulnerable Software and Affected Versions @fastify/express versions prior to 4.0.5 Description A path handling bug in the onRegister function causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix matching a middleware...

(0Day) Docker Desktop cli-plugins Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. An attacker must first obtain the ability to escape the container and execute low-privileged code within the Docker Hyper-V VM in order to exploit this vulnerability. The...

WordPress plugin Magazine Blocks 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress plugin Tutor LMS 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

@grupo-loja/vendure-banner-plugin (=1.0.0), @grupo-loja/vendure-conect-envios-plugin (>=1.0.0 <=1.0.1) +54 more potentially affected by CVE-2026-40887 via @vendure/core (>=1.9.5 <=2.2.7)

@vendure/core NPM version =1.9.5, =1.0.0, =0.0.1, =1.0.3, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1, =2.0.0, =2.0.0, =2.2.4 and more Source cves: CVE-2026-40887 Source advisory: SNYK:JS-VENDURECORE-16068909...

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +160 more potentially affected by CVE-2026-37980 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.5.5)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.0, =1.2.0 and more Source cves: CVE-2026-37980 Source advisory: OSV:GHSA-M32F-8VH9-2HH3https://vulners.com/osv/OSV:GHSA-M32F-8VH...

RHSA-2026:7850 Red Hat Security Advisory: gstreamer-plugins-base and gstreamer-plugins-good security update

Bulletin has no description...

Debian: Security Advisory (DLA-4530-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 44 Update: OpenImageIO-3.1.12.0-2.fc44

OpenImageIO is a library for reading and writing images, and a bunch of relat ed classes, utilities, and applications. Main features include: - Extremely simple but powerful ImageInput and ImageOutput APIs for reading a nd writing 2D images that is format agnostic. - Format plugins for TIFF,...

[SECURITY] Fedora 44 Update: kf5-kimageformats-5.116.0-8.fc44

This framework provides additional image format plugins for QtGui. As such it is not required for the compilation of any other software, but may be a runtime requirement for Qt-based software to support certain image formats...

[SECURITY] [DLA 4530-1] gst-plugins-bad1.0 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4530-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz April 13, 2026 https://wiki.debian.org/LTS -...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2025-66236 via apache-airflow (>=3.0.0 <=3.1.8)

apache-airflow PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2025-66236 Source advisory: OSV:PYSEC-2026-8...

Important: Red Hat Security Advisory: gstreamer-plugins-base and gstreamer-plugins-good security update

An update for multiple packages is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RHSA-2026:7673 Red Hat Security Advisory: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update

Bulletin has no description...

Important: Red Hat Security Advisory: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update

An update for multiple packages is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

WPProbe Plugin Enumeration Tool 0.11.8

A fast WordPress plugin and theme scanner that detects installed plugins via REST API enumeration and themes from HTML discovery, then maps them to known vulnerabilities. Over 5,000 plugins detectable without brute-force, thousands more with it...

RHEL 7 : gstreamer-plugins-base and gstreamer-plugins-good (RHSA-2026:7850)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7850 advisory. GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do...

RHEL 7 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good (RHSA-2026:7673)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7673 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package...

Medium: gstreamer1-plugins-good

Issue Overview: An out-of-bounds read in the WAV parser that can cause crashes for certain input files. CVE-2026-1940 Affected Packages: gstreamer1-plugins-good Issue Correction: Run dnf update gstreamer1-plugins-good --releasever 2023.11.20260413 or dnf update --advisory ALAS2023-2026-1579...