crun-1.27-1.1 on GA media (moderate)

crun-1.27-1.1 on GA media Announcement ID: openSUSE-SU-2026:10524-1 Rating: moderate Cross-References: CVE-2026-30892 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the crun-1.27-1.1 package ...

[SECURITY] Fedora 42 Update: crun-1.27-1.fc42

crun is a OCI runtime...

OPENSUSE-SU-2026:10524-1 crun-1.27-1.1 on GA media

These are all security issues fixed in the crun-1.27-1.1 package on the GA media of openSUSE Tumbleweed...

crun security update

1.27-1 - update to https://github.com/containers/crun/releases/tag/1.27 - fixes CVE-2026-30892 crun: crun: Privilege escalation due to incorrect parsing of the --user option rhel-10.1.z - Resolves: RHEL-161416...

Fedora 43 : crun (2026-4747ff73a3)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4747ff73a3 advisory. Automatic update for crun-1.27-1.fc43. Changelog for crun Wed Mar 25 2026 Packit - 1.27-1 - Update to 1.27 upstream release Mon Dec 22 2025 Packit - 1.26-1 -...

CVE-2026-25031

Deserialization of Untrusted Data vulnerability in parkofideas Tasty Daily tastydaily allows Object Injection.This issue affects Tasty Daily: from n/a through 1.27...

SUSE CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

UBUNTU-CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

EUVD-2026-16026

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

EUVD-2026-15629

Deserialization of Untrusted Data vulnerability in parkofideas Tasty Daily tastydaily allows Object Injection.This issue affects Tasty Daily: from n/a through 1.27...

CVE-2026-25031

Deserialization of Untrusted Data vulnerability in parkofideas Tasty Daily tastydaily allows Object Injection.This issue affects Tasty Daily: from n/a through 1.27...

CVE-2026-25031 WordPress Tasty Daily theme < 1.27 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in parkofideas Tasty Daily tastydaily allows Object Injection.This issue affects Tasty Daily: from n/a through 1.27...

WordPress Tasty Daily theme < 1.27 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Tasty Daily versions 1.27...

CVE-2020-37149

CVE-2020-37149 affects Edimax EW-7438RPn-v3 Mini (firmware around v1.27). The root cause is a CSRF vulnerability that lets an attacker trick an authenticated user into submitting a crafted request to the /goform/mp endpoint, resulting in arbitrary command execution with the user’s privileges. Pub...

CVE-2020-37149 Edimax Technology EW-7438RPn-v3 Mini 1.27 - Cross-Site Request Forgery (CSRF) to Command Execution

Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery CSRF that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's...

CVE-2020-37125

The CVE-2020-37125 entry describes a remote code execution vulnerability in Edimax EW-7438RPn-v3 Mini 1.27. Affected component is the device firmware; the root cause is command injection in the /goform/mp endpoint that can be exploited by unauthenticated attackers sending crafted POST requests to...

PT-2026-6589

Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn-v3 Mini version 1.27 Description The Edimax EW-7438RPn-v3 Mini device version 1.27 is susceptible to a cross-site request forgery CSRF issue. Successful exploitation allows an attacker to execute commands on the device with t...

CVE-2025-69007

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Stored XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through = 1.27...

CVE-2025-69007 WordPress Popping Sidebars and Widgets Light plugin <= 1.27 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Stored XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through = 1.27...