Important: gstreamer1-plugins-good

Issue Overview: Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3083 Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3085 Affected Packages: gstreamer1-plugins-good Note: This advisory is applicable to Amazon Linux ...

Fedora: Security Advisory (FEDORA-2026-e77ad9d792)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the luaLloadfile plugin in configuration directories. An attacker can execute unauthorized code and access sensitive information by placing a specially crafted Lua bytecode file in a system or user...

PT-2026-29525

Name of the Vulnerable Software and Affected Versions libinput affected versions not specified Description A flaw exists in libinput where an attacker who can deploy a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collectio...

Important: gstreamer1-plugins-bad-free

Issue Overview: GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack...

Oracle Linux 10 : gstreamer1-plugins-bad-free, / gstreamer1-plugins-base, / gstreamer1-plugins-good, / and / gstreamer1-plugins-ugly-free (ELSA-2026-6259)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6259 advisory. - fix for CVE-2026-2923, CVE-2026-3082 Resolves: RHEL-156111, RHEL-156158 gstreamer1-plugins-base - Apply patch for CVE-2026-2921 Resolves: RHEL-15612...

libinput 安全漏洞

libinput is an open-source library from freedesktop. It provides a complete input stack for applications that need to handle input devices provided by the kernel, such as display servers. There is a security vulnerability in libinput, which allows attackers to deploy Lua plugins in specific syste...

Amazon Linux 2 : gstreamer1-plugins-base, --advisory ALAS2-2026-3210 (ALAS-2026-3210)

The version of gstreamer1-plugins-base installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3210 advisory. An integer overflow in the RIFF parser that can cause crashes for certain input files. CVE-2026-2921 Tenable has...

Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2026-3224 (ALAS-2026-3224)

The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3224 advisory. An out-of-bounds read in the WAV parser that can cause crashes for certain input files. CVE-2026-1940 Tenable has...

Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2026-3209 (ALAS-2026-3209)

The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3209 advisory. Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3083 Heap-based...

Medium: gstreamer1-plugins-good

Issue Overview: An out-of-bounds read in the WAV parser that can cause crashes for certain input files. CVE-2026-1940 Affected Packages: gstreamer1-plugins-good Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and...

Important: gstreamer1-plugins-base

Issue Overview: An integer overflow in the RIFF parser that can cause crashes for certain input files. CVE-2026-2921 Affected Packages: gstreamer1-plugins-base Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and A...

Important: gstreamer1-plugins-base

Issue Overview: An integer overflow in the RIFF parser that can cause crashes for certain input files. CVE-2026-2921 Affected Packages: gstreamer1-plugins-base Issue Correction: Run dnf update gstreamer1-plugins-base --releasever 2023.10.20260330 or dnf update --advisory ALAS2023-2026-1504...

GHSA-4WWR-7H7C-CHQR AVideo's CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking

Summary AVideo's admin plugin configuration endpoint admin/save.json.php lacks any CSRF token validation. There is no call to isGlobalTokenValid or verifyToken before processing the request. Combined with the application's explicit SameSite=None cookie policy, an attacker can forge cross-origin...

GHSA-QXMC-6F24-G86G baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)

Summary In the core update functionality of baserCMS, some parameters sent from the admin panel are passed to the exec function without proper validation or escaping. This issue allows an authenticated CMS administrator to execute arbitrary OS commands on the server Remote Code Execution, RCE. Th...

CVE-2026-34613

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

CVE-2026-34613 AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

CVE-2026-34613 AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

CVE-2026-34613 AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

CVE-2026-34613

The CVE affects WWBN AVideo (versions 26.0 and earlier). The endpoint objects/pluginSwitch.json.php lets an admin enable/disable plugins without validating a CSRF token, and the plugin list is exempt from ORM-level Referer/Origin checks via ignoreTableSecurityCheck(), bypassing domain validation ...