Fedora 43 : mingw-gstreamer1 / mingw-gstreamer1-plugins-bad-free / etc (2026-e6d8e9fd49)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-e6d8e9fd49 advisory. Update to gstreamer-1.26.11. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

RHSA-2026:6300 Red Hat Security Advisory: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

Bulletin has no description...

RHSA-2026:3341 Red Hat Security Advisory: containernetworking-plugins security update

Bulletin has no description...

CVE-2026-4896

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

WordPress plugin Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

Oracle Linux 9 : gstreamer1-plugins-bad-free, / gstreamer1-plugins-base, / gstreamer1-plugins-good, / and / gstreamer1-plugins-ugly-free (ELSA-2026-6300)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6300 advisory. - fix for CVE-2026-2923, CVE-2026-3082 Resolves: RHEL-156231, RHEL-156248 gstreamer1-plugins-base - Apply patch for CVE-2026-2921 Resolves: RHEL-156241...

WordPress plugin Widgets for Social Photo Feed 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

[SECURITY] Fedora 42 Update: gstreamer1-plugins-bad-free-1.26.11-1.fc42

GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality...

[SECURITY] Fedora 42 Update: gstreamer1-1.26.11-1.fc42

GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...

[SECURITY] Fedora 42 Update: gstreamer1-plugins-good-1.26.11-1.fc42

GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...

[SECURITY] Fedora 42 Update: gstreamer1-plugins-ugly-free-1.26.11-1.fc42

GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins whose license is not fully compatible with LGP L...

[SECURITY] Fedora 42 Update: gstreamer1-plugins-base-1.26.11-1.fc42

GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...

GHSA-QCJ9-WWGW-6GM8 OpenClaw: Workspace `.env` can override the bundled plugin trust root

Summary Workspace .env can override the bundled plugin trust root Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: v2026.3.28 still lets workspace .env override OPENCLAWBUNDLEDPLUGINSDIR, but critical is too high because exploitation still depends on...

External Control of System or Configuration Setting

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the handling of the .env file, which can override the trusted root directory for bundled plugins. An attacker can influence the...

SUSE CVE-2026-35094

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

Malicious Package

Overview strapi-plugin-nordica-cms is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...

Malicious Package

Overview strapi-plugin-nordica-deep is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...

Malicious Package

Overview strapi-plugin-database is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren...

Malicious Package

Overview strapi-plugin-form is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren't...

Malicious Package

Overview strapi-plugin-blurhash is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren...