OPENSUSE-SU-2026:20460-1 Security update for chromium

This update for chromium fixes the following issues: Changes in chromium: - Chromium 146.0.7680.177 boo1261249 CVE-2026-5273: Use after free in CSS CVE-2026-5272: Heap buffer overflow in GPU CVE-2026-5274: Integer overflow in Codecs CVE-2026-5275: Heap buffer overflow in ANGLE CVE-2026-5276:...

DEBIAN-CVE-2026-5282

Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

CVE-2026-5282

creationtimestamp| type| source ---|---|--- 2026-03-31 17:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0385/ 2026-04-01 08:01:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mig7yd45t522 2026-04-01 15:31:15+00:00| seen|...

MINI-HGXV-5282-M9M9

Bulletin has no description...

CVE-2025-5282

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...

WordPress WP Travel Engine plugin <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability discovered by mikemyers in WordPress Plugin WP Travel Engine versions = 6.5.1...

CVE-2025-5282

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...

CVE-2025-5282

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...

CVE-2025-5282 WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...

CVE-2025-5282

CVE-2025-5282 : WP Travel Engine – Tour Booking Plugin (WordPress) versions up to and including 6.5.1 are vulnerable due to a missing capability check in delete_package(), allowing unauthenticated attackers to delete arbitrary posts. The issue is confirmed in multiple sources (NVD entry, Red Hat ...

CVE-2025-5282 WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...

CVE-2024-5282

The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2019-5282

Bastet module of some Huawei smartphones with Versions earlier than Emily-AL00A 9.0.0.182C00E82R1P21, Versions earlier than Emily-TL00B 9.0.0.182C01E82R1P21, Versions earlier than Emily-L09C 9.0.0.203C432E7R1P11, Versions earlier than Emily-L29C 9.0.0.203C432E7R1P11, Versions earlier than...

Linux Distros Unpatched Vulnerability : CVE-2014-5282

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via...

CVE-2020-5282

In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the npm command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot This is patched in version 1.0.0-beta...

CVE-2024-5282

creationtimestamp| type| source ---|---|--- 2024-07-13 08:49:48+00:00| seen| https://t.me/cvedetector/807...

CVE-2024-5282

CVE-2024-5282 — wp-affiliate-platform prior to 6.5.1 allows reflected XSS by not sanitizing/escaping a parameter before echoing it. Impact targets high-privilege users (admin). Remediation: upgrade to version 6.5.1 or later (patched). References across connected feeds corroborate the reflected XS...

CVE-2024-5282 WP Affiliate Platform < 6.5.1 - Reflected XSS via Registration Form

The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2019-5282

creationtimestamp| type| source ---|---|--- 2024-02-14 08:51:11+00:00| seen| https://t.me/ctinow/184467...

CVE-2023-5282

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file seedmessagestudent.php. The manipulation of the argument teacherid leads to sql injection. The attack can be initiated remotely. The explo...