OPENSUSE-SU-2026:10888-1 argocd-cli-3.4.3-1.1 on GA media

These are all security issues fixed in the argocd-cli-3.4.3-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10857-1 rsync-3.4.3-1.1 on GA media

These are all security issues fixed in the rsync-3.4.3-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-43618 affecting package rsync for versions less than 3.4.3-1

CVE-2026-43618 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-45232 affecting package rsync for versions less than 3.4.3-1

CVE-2026-45232 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-43619 affecting package rsync for versions less than 3.4.3-1

CVE-2026-43619 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-43617 affecting package rsync for versions less than 3.4.3-1

CVE-2026-43617 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...

SUSE CVE-2026-45232

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...

Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy

...

Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls

...

CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls

Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...

CVE-2026-39602

Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through = 3.4.3...

EUVD-2026-20232

Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through = 3.4.3...

CVE-2026-39602

Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through = 3.4.3...

CVE-2026-39602

Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through = 3.4.3...

CVE-2026-39602 WordPress Order Tracking plugin <= 3.4.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through = 3.4.3...

WordPress plugin Everest Forms 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-31167

Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through = 3.4.3...

EUVD-2026-19939

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Daily Sales management table. The customername column is configured with escape: false in the bootstrap-tabl...

CVE-2026-39380

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Stock Locations configuration feature. The application fails to properly sanitize user input supplied throug...

CVE-2026-39380 Open Source Point of Sale has Stored XSS in Stock Location (Configuration)

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Stock Locations configuration feature. The application fails to properly sanitize user input supplied throug...