30 matches found
ignition-2.26.0-4.1 on GA media (moderate)
ignition-2.26.0-4.1 on GA media Announcement ID: openSUSE-SU-2026:10892-1 Rating: moderate Cross-References: CVE-2026-33814 CVSS scores: CVE-2026-33814 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...
OPENSUSE-SU-2026:10892-1 ignition-2.26.0-4.1 on GA media
These are all security issues fixed in the ignition-2.26.0-4.1 package on the GA media of openSUSE Tumbleweed...
ignition-2.26.0-3.1 on GA media (moderate)
ignition-2.26.0-3.1 on GA media Announcement ID: openSUSE-SU-2026:10474-1 Rating: moderate Cross-References: CVE-2026-33186 CVSS scores: CVE-2026-33186 SUSE : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2026-33186 SUSE : 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N...
OPENSUSE-SU-2026:10474-1 ignition-2.26.0-3.1 on GA media
These are all security issues fixed in the ignition-2.26.0-3.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-58360 GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity XXE vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...
CVE-2025-61524
An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly...
Casdoor security vulnerability
Casdoor is an open source platform from Casdoor Open Source that supports multiple authentication and authorization protocols. A security vulnerability exists in Casdoor versions prior to 2.26.0, which stems from a flaw in the permission validation module and editing interface that could lead to ...
EUVD-2024-2515
Malicious code in bioql PyPI...
CVE-2024-40625
GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage REST API /workspaces/workspaceName/coveragestores/storeName/method.format allows attackers to upload files from a specified URL, with method equal to 'url', without restriction. This vulnerability is fix...
CVE-2024-40625 GeoServer Coverage REST API Allows Server Side Request Forgery
GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage REST API /workspaces/workspaceName/coveragestores/storeName/method.format allows attackers to upload files from a specified URL, with method equal to 'url', without restriction. This vulnerability is fix...
CVE-2024-40625
GeoServer's CVE-2024-40625 affects the Coverage REST API endpoint /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} where {method} = 'url' can upload arbitrary URLs without validation, enabling Server Side Request Forgery. The issue is tied to unfiltered file URL input and ...
PT-2024-26395 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.26.0 Description: GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions, the welcome and about page includes version and revision...
Editor.js vulnerable to Code Injection
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...
CVE-2022-42225
Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any JavaScript under admin's permission...
Cross site scripting
Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any JavaScript under admin's permission...
Jumpserver cross-site scripting vulnerability
Jumpserver is an open source bastion machine from Hangzhou Feizhiyun Information Technology Co. in China. A security vulnerability exists in Jumpserver versions 2.10.0 through 2.26.0, which stems from improper filtering of user input. An attacker can exploit the vulnerability to execute arbitrary...
PT-2023-14070 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: Jumpserver versions 2.10.0 through 2.26.0 Description: The issue is related to multiple stored XSS vulnerabilities due to improper filtering of user input. This can lead to the execution of any javascript under admin's permission...
CVE-2023-1326
Technical details for CVE-2023-1326 are not provided in the connected documents. Available sources reference the vulnerability and related CVEs (e.g., CVE-2023-26604) but do not expose affected products, versions, or fixes beyond the apport-cli context.