Lucene search

18 matches found

Tenable Nessus
added 2026/05/26 12:0 a.m. · 8 views

FreeBSD : gstreamer1 -- multiple vulnerabilities (05aadfcc-55f5-11f1-915c-8974b59277b5)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 05aadfcc-55f5-11f1-915c-8974b59277b5 advisory. The GStreamer project reports multiple security vulnerabilities fixed in the 1.28.2 release:...

9.1 CVSS · 6.1 AI score · 0.00039 EPSS
Exploits 0 · References 17

OSV
added 2026/02/19 12:39 a.m. · 3 views

CLEANSTART-2026-OJ16660 Security fixes for GHSA-2GH3-RMM4-6RQ5, GHSA-434X-W66G-QW3R, GHSA-R6V5-FH4H-64XC, GHSA-XWFJ-JGWM-7WP5 applied in versions: 1.28.2-r0, 1.28.4-r0

Multiple security vulnerabilities affect the ztunnel-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

5.9 AI score
Exploits 0 · References 5

Tenable Nessus
added 2026/02/19 12:0 a.m. · 5 views

Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-010 (ALASNGINX1-2026-010)

The version of nginx installed on the remote host is prior to 1.28.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2026-010 advisory. A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. A...

8.2 CVSS · 5.8 AI score · 0.00021 EPSS
Exploits 0 · References 4

Fedora
added 2026/02/15 1:13 a.m. · 4 views

[SECURITY] Fedora 43 Update: nginx-1.28.2-1.fc43

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

8.2 CVSS · 5.5 AI score · 0.00021 EPSS
Exploits 0

Tenable Nessus
added 2026/02/15 12:0 a.m. · 5 views

Fedora 43 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-cd0705c6a7)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-cd0705c6a7 advisory. nginx-mod-naxsi: - Rebuild for 1.28.2 nginx-mod-brotli: - Rebuild for 1.28.2 nginx-mod-fancyindex: - Rebuild for 1.28.2 nginx-mod-modsecurity: - Rebuild for...

8.2 CVSS · 5.8 AI score · 0.00021 EPSS
Exploits 0 · References 2

OSV
added 2026/02/11 12:0 a.m. · 0 views

OPENSUSE-SU-2026:10180-1 rustup-1.28.2~0-3.1 on GA media

These are all security issues fixed in the rustup-1.28.2~0-3.1 package on the GA media of openSUSE Tumbleweed...

6.8 CVSS · 5.8 AI score · 0.00016 EPSS
Exploits 0 · References 1

RedhatCVE
added 2026/01/18 8:41 p.m. · 5 views

CVE-2026-23766

No description is available for this CVE...

5.4 AI score · 0.00036 EPSS
Exploits 0 · References 5

RedhatCVE
added 2026/01/13 10:52 p.m. · 3 views

CVE-2026-22689

Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicio...

6.5 CVSS · 6.7 AI score · 0.00012 EPSS
Exploits 2 · References 1

NVD
added 2026/01/10 6:15 a.m. · 2 views

CVE-2026-22689

Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicio...

6.5 CVSS · 0.00012 EPSS
Exploits 2 · References 2

Vulnrichment
added 2026/01/10 5:46 a.m. · 1 views

CVE-2026-22689 Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails

Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicio...

6.5 CVSS · 6.3 AI score · 0.00012 EPSS
Exploits 2 · References 2

Cvelist
added 2026/01/10 5:46 a.m. · 23 views

CVE-2026-22689 Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails

Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicio...

6.5 CVSS · 0.00012 EPSS
Exploits 2 · References 2

OSV
added 2026/01/10 5:46 a.m. · 4 views

CVE-2026-22689 Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails

Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicio...

6.5 CVSS · 6.4 AI score · 0.00012 EPSS
Exploits 2 · References 4

Snyk
added 2025/12/30 8:44 p.m. · 2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the system.enableCrossNamespaceCommands when it is enabled on by default. An attacker can perform unauthorized actions in a different namespace by submitting workflow task commands that target namespaces othe...

6.3 CVSS · 7 AI score · 0.00021 EPSS
Exploits 0 · References 2

Fedora
added 2025/09/12 7:33 p.m. · 3 views

[SECURITY] Fedora 43 Update: rustup-1.28.2-6.fc43

Manage multiple rust installations with ease...

2.3 CVSS · 7 AI score · 0.00112 EPSS
Exploits 0

RedHat Linux
added 2022/07/07 2:19 p.m. · 0 views

tika-core: Regular Expression Denial of Service in standards extractor

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standa...

5.5 CVSS · 7.4 AI score · 0.00536 EPSS
Exploits 0 · References 4

OSV
added 2022/05/16 5:15 p.m. · 0 views

UBUNTU-CVE-2022-30126

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standa...

5.5 CVSS · 6.8 AI score · 0.00536 EPSS
Exploits 0 · References 4

Positive Technologies
added 2022/05/16 12:0 a.m. · 1 views

PT-2022-17108 · Apache +1 · Apache Tika +1

Name of the Vulnerable Software and Affected Versions: Apache Tika versions prior to 1.28.2 Apache Tika versions prior to 2.4.0 Description: The issue concerns the BPG parser in Apache Tika, which may allocate an excessive amount of memory when processing carefully crafted files. Recommendations:...

5.5 CVSS · 5.9 AI score · 0.0027 EPSS
Exploits 0 · References 18

Metasploit
added 2017/04/29 12:29 p.m. · 30 views

MediaWiki SyntaxHighlight extension option injection vulnerability

This module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create & execute a PHP file in the document root. The USERNAME & PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki...

9.8 CVSS · 10 AI score · 0.58351 EPSS
Exploits 5