PT-2026-48907

The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...

CLEANSTART-2026-PK48502 Security fixes for CVE-2025-47911, CVE-2025-58190, CVE-2025-68121 applied in versions: 2.3.0-r0

Multiple security vulnerabilities affect the mountpoint-s3-csi-driver package. These issues are resolved in later releases. See references for individual vulnerability details...

Security Bulletin: The Network Threat Analytics App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Network Threat Analytics App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2023-2454 DESCRIPTION:...

openSUSE Security Advisory (SUSE-SU-2026:0877-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RockyLinux 8 : postgresql:12 (RLSA-2026:4064)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:4064 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

CLSA-2026-1772812991 skopeo: Fix of 3 CVEs

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVEs - CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing - CVE-2025-61729: fix excessive resource consumption when constructing hostname error messages...

openSUSE Security Advisory (SUSE-SU-2026:0789-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CLSA-2026-1772619878 runc: Fix of 3 CVEs

rebuild with newer golang version 1.25.7-1.el96.tuxcare.els1 to fix the following CVEs - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...

openSUSE Security Advisory (SUSE-SU-2026:0661-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2026-7ba8ba6dff)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RockyLinux 9 : fontforge (RLSA-2026:2039)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:2039 advisory. fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing CVE-2025-15279 fontforge: FontForge: Remote Code Execution...

python3.12-urllib3 security update

1.26.19-2 - Security fix for CVE-2025-66471 - Security fix for CVE-2025-66418 - Security fix for CVE-2026-21441 Resolves: RHEL-139409...

python-urllib3 security update

1.26.19-2.1 - Security fix for CVE-2025-66471 - Security fix for CVE-2025-66418 - Security fix for CVE-2026-21441 Resolves: RHEL-139387...

MiracleLinux 4 : php-5.3.3-22.AXS4 (AXSA:2013-117:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-117:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers...

MiracleLinux 7 : golang-1.9.4-1.el7 (AXSA:2018-2885:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2885:01 advisory. golang: arbitrary code execution during go get or go get -d CVE-2017-15041 golang: smtp.PlainAuth susceptible to man-in-the-middle password harvesti...

Advisory ROSA-SA-2025-3104

Software: libsoup 2.62.3 OS: ROSA Virtualization 2.1 packageevrstring: libsoup-2.62.3-7.rv3 CVE-ID: CVE-2024-52530 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An HTTP request smuggling vulnerability in GNOME libsoup allows an attacker to trick the server by injecting the '\0' character into request...

openSUSE Security Advisory (SUSE-SU-2025:4190-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2025-6924245627)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RockyLinux 8 : kernel (RLSA-2025:19931)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:19931 advisory. kernel: x86/vmscape: Add conditional IBPB mitigation CVE-2025-40300 kernel: mm: fix zswap writeback race condition CVE-2023-53178 kernel: fs: fix UAF/GP...

.NET 8.0 security update

An update is available for dotnet8.0. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...