RLSA-2026:6259 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer:...

gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

An update is available for gstreamer1-plugins-bad-free, gstreamer1-plugins-good, gstreamer1-plugins-ugly-free, gstreamer1-plugins-base. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2026-24661

Mattermost Plugins versions =2.1.3.0 fail to limit the request body size on the /changes webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611...

CVE-2026-21388

Mattermost Plugins versions =2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610...

CVE-2026-24661 Unbounded Request Body Read in MS Teams Plugin {{/changes}} Webhook Endpoint

Mattermost Plugins versions =2.1.3.0 fail to limit the request body size on the /changes webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611...

CVE-2026-24661

Mattermost Plugins versions =2.1.3.0 fail to limit the request body size on the /changes webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611...

CVE-2026-24661 Unbounded Request Body Read in MS Teams Plugin {{/changes}} Webhook Endpoint

Mattermost Plugins versions =2.1.3.0 fail to limit the request body size on the /changes webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611...

CVE-2026-21388 Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}} Webhook Endpoint

Mattermost Plugins versions =2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610...

CVE-2026-21388

CVE-2026-21388 affects Mattermost Plugins versions

CVE-2026-21388

Mattermost Plugins versions =2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610...

RLSA-2026:6750 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer:...

gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update

An update is available for gstreamer1-plugins-bad-free, gstreamer1-plugins-good, gstreamer1-plugins-base. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStream...

CVE-2026-4326

The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activaterequiredplugins function. Specifically, the currentusercan'installplugins' capability check does...

EUVD-2026-20825

The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activaterequiredplugins function. Specifically, the currentusercan'installplugins' capability check does...

CVE-2026-4326

CVE-2026-4326 concerns the Vertex Addons for Elementor plugin for WordPress, affecting all versions up to 1.6.4. The root cause is improper authorization enforcement in the activate_required_plugins() function: the capability check current_user_can('install_plugins') does not terminate execution ...

CVE-2026-4326 Vertex Addons for Elementor <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation via 'afeb_activate_required_plugins'

The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activaterequiredplugins function. Specifically, the currentusercan'installplugins' capability check does...

CLEANSTART-2026-UQ00642 Docker CLI for Windows searches for plugin binaries in C:\\\\ProgramData\\\\Docker\\\\cli-plugins, a directory that does not exist by default

Multiple security vulnerabilities affect the minio-operator-fips package. Docker CLI for Windows searches for plugin binaries in C:\\ProgramData\\Docker\\cli-plugins, a directory that does not exist by default. See references for individual vulnerability details...

CLEANSTART-2026-BD18029 Docker CLI for Windows searches for plugin binaries in C:\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ProgramData\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\Docker\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\cli-plugins, a directory that does not exist by default

Multiple security vulnerabilities affect the istio-fips package. Docker CLI for Windows searches for plugin binaries in...

CLEANSTART-2026-NV37937 Docker CLI for Windows searches for plugin binaries in C:\\\\\\\\\\\\\\\\ProgramData\\\\\\\\\\\\\\\\Docker\\\\\\\\\\\\\\\\cli-plugins, a directory that does not exist by default

Multiple security vulnerabilities affect the istio package. Docker CLI for Windows searches for plugin binaries in C:\\\\\\\\ProgramData\\\\\\\\Docker\\\\\\\\cli-plugins, a directory that does not exist by default. See references for individual vulnerability details...

Helm 路径遍历漏洞

Helm is a Kubernetes package manager offered by the CNCF foundation. Versions of Helm prior to 4.1.3 have a path traversal vulnerability. This vulnerability arises because custom Helm plugins may write their content to any position in the file system...