EulerOS Virtualization 2.12.1 : nghttp2 (EulerOS-SA-2026-2082)

According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...

EulerOS Virtualization 2.10.0 : nghttp2 (EulerOS-SA-2026-2057)

According to the versions of the nghttp2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...

EulerOS Virtualization 2.13.1 : libarchive (EulerOS-SA-2026-2133)

According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when...

EulerOS Virtualization 2.12.0 : python-virtualenv (EulerOS-SA-2026-2113)

According to the versions of the python-virtualenv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU...

EulerOS Virtualization 2.10.1 : python-pip (EulerOS-SA-2026-2034)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in...

EulerOS Virtualization 2.13.1 : libpng (EulerOS-SA-2026-2135)

According to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image...

PT-2026-47123

The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This make...

PT-2026-47132

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

PT-2026-47160

A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation of the argument project.forkedFromId leads to improper authorization. The attack is possible to be carried out remotely. Upgrading to...

PT-2026-47158

A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mage ai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirect url results in cross site scripting. Remote...

Slackware Linux 15.0 / current tigervnc Vulnerability (SSA:2026-154-05)

The version of tigervnc installed on the remote host is prior to 1.16.2. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-154-05 advisory. New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...

EulerOS Virtualization 2.10.1 : libarchive (EulerOS-SA-2026-2023)

According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata...

EulerOS Virtualization 2.12.1 : openssl (EulerOS-SA-2026-2083)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short...

RHEL 9 : kpatch-patch-5_14_0-570_17_1, kpatch-patch-5_14_0-570_39_1, kpatch-patch-5_14_0-570_66_1, and kpatch-patch-5_14_0-570_94_1 (RHSA-2026:23468)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23468 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patc...

EulerOS Virtualization 2.13.1 : python-requests (EulerOS-SA-2026-2146)

According to the versions of the python-requests package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made...

EulerOS Virtualization 2.13.0 : python-urllib3 (EulerOS-SA-2026-2186)

According to the versions of the python-urllib3 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP...

perl-HTTP-Daemon-6.170.0-1.1 on GA media (moderate)

perl-HTTP-Daemon-6.170.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10938-1 Rating: moderate Cross-References: CVE-2026-8450 CVSS scores: CVE-2026-8450 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can...

PT-2026-47145

The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the package app action AJAX endpoint, where the handler only validates a nonce and...

EulerOS Virtualization 2.13.0 : libpng (EulerOS-SA-2026-2174)

According to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image...

Debian dsa-6318 : gstreamer1.0-gtk3 - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6318 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6318-1 [email protected] https://www.debian.org/securit...