
8228 matches found

OSV
added 2026/04/01 8:54 p.m. | 1 views

GHSA-HQXF-MHFW-RC44 AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

Summary: The AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugins database table is explicitly listed in ignoreTableSecurityCheck,...

6.5 CVSS | 6 AI score | 0.00009 EPSS
Exploits 1 | References 5
Github Security Blog
added 2026/04/01 8:54 p.m. | 6 views

AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

Summary: The AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugins database table is explicitly listed in ignoreTableSecurityCheck,...

6.5 CVSS | 6 AI score | 0.00009 EPSS
Exploits 1 | References 5 | Affected Software 1
Debian
added 2026/04/01 8:21 p.m. | 6 views

[SECURITY] [DSA 6191-1] gst-plugins-ugly1.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6191-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 01, 2026 https://www.debian.org/security/faq -...

7.8 CVSS | 7.5 AI score | 0.00108 EPSS
Exploits 0
Debian
added 2026/04/01 8:19 p.m. | 4 views

[SECURITY] [DSA 6190-1] gst-plugins-bad1.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6190-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 01, 2026 https://www.debian.org/security/faq -...

7.8 CVSS | 7.5 AI score | 0.00108 EPSS
Exploits 0
OSV
added 2026/04/01 2:16 p.m. | 2 views

DEBIAN-CVE-2026-35094

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

5.5 CVSS | 5.3 AI score | 0.00018 EPSS
Exploits 0 | References 1
OSV
added 2026/04/01 10:7 a.m. | 5 views

RHSA-2026:6259 Red Hat Security Advisory: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

Bulletin has no description...

8.8 CVSS | 7.1 AI score | 0.0046 EPSS
Exploits 0 | References 44
Patchstack
added 2026/04/01 2:34 a.m. | 2 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode vulnerability

Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Contact Form Entries versions <= 1.4.9...

4.3 CVSS | 5.9 AI score | 0.00045 EPSS
Exploits 0 | References 1 | Affected Software 1
ATTACKERKB
added 2026/04/01 1:24 a.m. | 4 views

CVE-2026-3831

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entries_shortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...

4.3 CVSS | 5.9 AI score | 0.00045 EPSS
Exploits 0 | References 3
CVE
added 2026/04/01 1:24 a.m. | 8 views

CVE-2026-3831

The CVE-2026-3831 entry concerns the Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress. A missing capability check in entries_shortcode() affects all versions up to 1.4.9, enabling authenticated users with Contributor-level access and above to access all form submissions ...

4.3 CVSS | 5.9 AI score | 0.00045 EPSS
Exploits 0 | References 2
Fedora
added 2026/04/01 12:57 a.m. | 5 views

[SECURITY] Fedora 43 Update: gstreamer1-vaapi-1.26.11-1.fc43

A collection of GStreamer plugins to let you make use of VA API video acceleration from GStreamer applications. Includes elements for video decoding, display, encoding and post-processing using VA API subject to hardware limitations...

5.9 AI score
Exploits 0
Fedora
added 2026/04/01 12:57 a.m. | 4 views

[SECURITY] Fedora 43 Update: gstreamer1-plugins-base-1.26.11-1.fc43

GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...

5.9 AI score
Exploits 0
Fedora
added 2026/04/01 12:57 a.m. | 5 views

[SECURITY] Fedora 43 Update: gstreamer1-plugins-good-1.26.11-1.fc43

GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...

5.9 AI score
Exploits 0
Fedora
added 2026/04/01 12:57 a.m. | 7 views

[SECURITY] Fedora 43 Update: gstreamer1-plugins-bad-free-1.26.11-1.fc43

GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality...

5.9 AI score
Exploits 0
Fedora
added 2026/04/01 12:57 a.m. | 4 views

[SECURITY] Fedora 43 Update: gstreamer1-plugins-ugly-free-1.26.11-1.fc43

GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins whose license is not fully compatible with LGPL...

5.9 AI score
Exploits 0
Tenable Nessus
added 2026/04/01 12:0 a.m. | 6 views

Amazon Linux 2023 : gstreamer1-plugins-base, gstreamer1-plugins-base-devel, gstreamer1-plugins-base-tools (ALAS2023-2026-1504)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1504 advisory. An integer overflow in the RIFF parser that can cause crashes for certain input files. CVE-2026-2921 Tenable has extracted the preceding description block directly from the tested product security...

7.8 CVSS | 7.2 AI score | 0.00041 EPSS
Exploits 0 | References 4
Amazon
added 2026/04/01 12:0 a.m. | 3 views

Important: gstreamer1-plugins-good

Issue Overview: Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3083 Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3085 Affected Packages: gstreamer1-plugins-good Issue Correction: Run dnf update...

8.8 CVSS | 7.3 AI score | 0.0046 EPSS
Exploits 0
Tenable Nessus
added 2026/04/01 12:0 a.m. | 6 views

Amazon Linux 2023 : gstreamer1-plugins-good, gstreamer1-plugins-good-gtk (ALAS2023-2026-1503)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1503 advisory. Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3083 Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3085...

8.8 CVSS | 7.4 AI score | 0.0046 EPSS
Exploits 0 | References 6
Positive Technologies
added 2026/04/01 12:0 a.m. | 3 views

PT-2026-29441

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entries_shortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...

4.3 CVSS | 5.9 AI score | 0.00045 EPSS
Exploits 0 | References 3
OpenVAS
added 2026/04/01 12:0 a.m. | 1 views

Ubuntu: Security Advisory (USN-8131-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS | 7.2 AI score | 0.0046 EPSS
Exploits 0 | References 2
OpenVAS
added 2026/04/01 12:0 a.m. | 5 views

Ubuntu: Security Advisory (USN-8130-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 7.2 AI score | 0.00041 EPSS
Exploits 0 | References 2