beets-2.11.0-1.1 on GA media (moderate)

beets-2.11.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10865-1 Rating: moderate Cross-References: CVE-2026-42052 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the beets-2.11.0-1.1...

CVE-2026-40607

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Note that By default, only...

CVE-2026-40607

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Note that By default, only...

CVE-2026-40607 MantisBT is Vulnerable to Stored XSS Through its Saved-Filter Owner Column

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Note that By default, only...

Astra Linux - уязвимость в freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are vulnerable to a Out-of-Bounds Read vulnerability in the nscrledecompressdata function. The Out-of-Bounds Read vulnerability occurs because the function processes...

CLEANSTART-2026-DN70218 Security fixes for CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33815, CVE-2026-33816, CVE-2026-35469, CVE-2026-39883, ghsa-78h2-9frx-2jm8, ghsa-9jj7-4m8r-rfcm, ghsa-f6x5-jh6r-wrfv, ghsa-hfvc-g4fc-pqhx, ghsa-j5w8-q4qc-rx2x, ghsa-pc3f-x583-g7j2, ghsa-xmrv-pmrh-hhx2 applied in versions: 2.11.0-r0, 2.11.0-r1, 2.11.913-r0

Multiple security vulnerabilities affect the jitsucom-bulker package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-UI95341 Security fixes for CVE-2026-44503, ghsa-7j59-v9qr-6fq9 applied in versions: 2.11.0-r2

Multiple security vulnerabilities affect the airflow-2 package. These issues are resolved in later releases. See references for individual vulnerability details...

io.quarkiverse.docling:quarkus-docling (>=0.0.1 <=0.0.4), io.quarkiverse.docling:quarkus-docling-deployment (>=0.0.1 <=0.0.4) +54 more potentially affected by CVE-2026-42333 via io.quarkiverse.openapi.generator:quarkus-openapi-generator (>=2.0.0 <=2.11.0)

io.quarkiverse.openapi.generator:quarkus-openapi-generator MAVEN version =2.0.0, =0.0.1, =0.0.1, =2.0.0, =2.10.0, =2.10.0, =2.11.0-lts - org.apache.kie.sonataflow:sonataflow-addons-quarkus-camel =10.2.0 - org.apache.kie.sonataflow:sonataflow-addons-quarkus-camel-deployment =10.2.0 -...

Astra Linux - уязвимость в freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the generalLumaToYUV444 function. This Out-Of-Bounds Read occurs because processing is done on the in variable without checking if it...

Nats-Server 安全漏洞

Nats-Server is a high-performance server developed by Nats Open Source, used in Nats.io, cloud, and edge native messaging systems. There were security vulnerabilities in versions of Nats-Server from 2.11.0 to 2.11.15, as well as in version 2.12.6. These vulnerabilities stemmed from the ability of...

Node.js Module @enclave-vm/core < 2.11.0 RCE

The version of the @enclave-vm/core Node.js module installed on the remote host is prior to 2.11.0. It is, therefore, affected by a remote code execution vulnerability: - It is possible to escape the security boundaries of the sandbox, which can be used to achieve remote code execution...

CVE-2026-27446

Missing Authentication for Critical Function CWE-306 vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This cou...

OPENSUSE-SU-2026:10273-1 libudisks2-0-2.11.0-2.1 on GA media

These are all security issues fixed in the libudisks2-0-2.11.0-2.1 package on the GA media of openSUSE Tumbleweed...

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the adminLoad.handleLoad process. An attacker can modify the running configuration and alter server behavior by sending cross-origin requests to the local admin API when origin enforcement is not...

acceldata-o2a (=1.0.0), aglow (>=0.1.0rc3 <=0.1.0rc4) +30 more potentially affected by CVE-2024-56373 via apache-airflow (>=2.0.0 <=2.11.0)

apache-airflow PYPI version =2.0.0, =0.1.0rc3, =0.1.0, =0.6.0, =0.0.1, =0.6.4, =1.0.0, =0.2.0, =2.10.3, =0.3.12, =1.8.0rc2, =4.3.0, =6.0.1 and more Source cves: CVE-2024-56373 Source advisory: SNYK:PYTHON-APACHEAIRFLOW-15339025...

I2P 2.11.0

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version...

CVE-2026-23529 Arbitrary File Read in Google BigQuery Sink connector

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...

Kafka Connect BigQuery Connector code issues and vulnerabilities

Kafka Connect BigQuery Connector is a high-performance data synchronization middleware developed by Aiven Open. Versions of the connector prior to 2.11.0 contained code vulnerabilities. These vulnerabilities stemmed from the fact that the service did not validate the credentials from external...

CVE-2023-49654

Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system...

CVE-2019-12407

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive...