PT-2026-31569

Name of the Vulnerable Software and Affected Versions Ziggeo plugin for WordPress versions through 3.1.1 Description The Ziggeo plugin for WordPress is susceptible to missing authorization checks. The wp ajax ziggeo ajax handler verifies a nonce but does not confirm user capabilities using curren...

Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version 5.2.6-0 Update translation strings uyuni-tools: Version 5.2.5-0 Remove migrate command Remove template script from mgradm: use the one in the image Split the TFTP server into a separate container Explicitly start proxy pods after operation...

Maintenance update for Multi-Linux Manager 4.3: Server, Proxy and Retail

Description: This update fixes the following issues: mgr-cfg: Version 4.3.7-0 Non-customer-facing optimization and update mgr-custom-info: Version 4.3.4-0 Non-customer-facing optimization and update mgr-daemon: Version 4.3.13-0 Update translation strings mgr-osad: Version 4.3.8-0...

SUSE-SU-2026:1010-1 Security update 5.0.7 for Multi-Linux Manager Server

This update fixes the following issues: branch-network-formula: - Update to version 1.1.0 Enable containers on SLE15SP7 Exclude podman interfaces from sysctl setting cobbler: - Compatibility fixes for tftpboot directory setup inter-server-sync: - Version 0.3.10-0 Write log to a rotated file witho...

CVE-2025-64174

Magento-lts is a long-term support alternative to Magento Community Edition CE. Versions 20.15.0 and below are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin with direct database access or the admin notification feed source to inject malicious scripts...

GHSA-QV78-C8HC-438R OpenMage vulnerable to XSS in Admin Notifications

Summary OpenMage versions v20.15.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin with direct database access or the admin notification feed source to inject malicious scripts into vulnerable fields. Malicious JavaScript may be execute...

Security update 5.1.0 GM for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version update from 5.1.6-0 to 5.1.8-0 with the following key change: Update translation strings uyuni-tools: Version 5.1.14-0: Fix mgradm backup create handling of images and systemd files bsc1244563 migrate existing TLS certificates from 4.3...

Cross-site Scripting (XSS)

Vue I18n is vulnerable to Cross-site Scripting XSS. The vulnerability is due to incomplete escaping of interpolated parameters caused by the failure of the escapeParameterHtml: true option to prevent tag-based payload execution when rendered using v-html, even with minor HTML in translation strin...

Cross-site Scripting (XSS)

Overview org.webjars.bowergithub.kazupon:vue-i18n is an Internationalization plugin for Vue.js Affected versions of this package are vulnerable to Cross-site Scripting XSS when performing translations with escapeParameterHtml set to true. An attacker can execute arbitrary JavaScript code in the...

Security update for SUSE Manager Client Tools

This update fixes the following issues: scap-security-guide was updated to version 0.1.75 jscECO-3319: Added Ism profile for OL8, OL9 Added new product kylinserver10 Created OL10 product Release SLMicro5 product Replaced two date injections by SOURCEDATEEPOCH to make reproducible bsc1230361 Updat...

Security update for SUSE Manager Client Tools

This update fixes the following issues: spacecmd was updated to version 5.0.11-0: Updated translation strings uyuni-tools was updated from version 0.1.23-0 to 0.1.27-0: Security issues fixed: CVE-2024-22037: Use podman secret to store the database credentials bsc1231497 Other changes and bugs...

[SECURITY] [DLA 4010-1] python-django security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4010-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 10, 2025 https://wiki.debian.org/LTS -...

SUSE-SU-2024:3267-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-prometheus-prometheus: - Security issues fixed: CVE-2024-6104: Update go-retryablehttp to version 0.7.7 bsc1227038 CVE-2023-45142: Updated otelhttp to version 0.46.1 bsc1228556 - Require Go 1.20 for building - Migrate from disabled to manual...

SUSE-SU-2024:3266-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-prometheus-prometheus: - Security issues fixed: CVE-2024-6104: Update go-retryablehttp to version 0.7.7 bsc1227038 CVE-2023-45142: Updated otelhttp to version 0.46.1 bsc1228556 - Require Go 1.20 for building - Migrate from disabled to manual...

CVE-2024-43782 openedx-translations's Atlas translations for Open edX missing validation

This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-platform repository were validated using...

CVE-2024-43782

Technical details about CVE-2024-43782 are not publicly provided in the supplied documents. Monitor for updates as affected versions, exploit availability, and fixes may be disclosed in future advisories.

PT-2023-28094 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 773 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting XSS. This allows users with low privileges to introduce Javascript...

PT-2022-26027 · WordPress · Polylang

Name of the Vulnerable Software and Affected Versions: Polylang versions up to, and including, 3.2.16 Description: The Theme and plugin translation for Polylang is vulnerable to authorization bypass due to missing capability checks in the process polylang theme translation wp loaded function. Thi...

SUSE-SU-2022:3878-1 Security update for SUSE Manager Server 4.2

This update fixes the following issues: hub-xmlrpc-api: - Use golangAPI = 1.18 for building on SUSE bsc1203599 This source fails to build with the current go1.19 on SUSE and we need to use go1.18 instead. inter-server-sync: - Version 0.2.4 Improve memory usage and log information 17193 Conditiona...

SUSE-SU-2021:3170-1 Security update for SUSE Manager Server 4.2

This update fixes the following issues: branch-network-formula: - Use kernel parameters from PXE formula also for local boot cobbler - security issues fixed: - CVE-2021-40323: Fixed an arbitrary file disclosure/Template Injection bsc1189458 - CVE-2021-40324: Fixed an arbitrary file write bsc11894...