openSUSE 16 Security Update : evince (openSUSE-SU-2026:20850-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20850-1 advisory. Changes in evince: - Update to version 48.2 bsc1265880 CVE-2026-46529: - shell: Quote strings in arguments used when calling evspawn - Update to version...

OPENSUSE-SU-2026:20850-1 Security update for evince

This update for evince fixes the following issues: Changes in evince: - Update to version 48.2 bsc1265880 CVE-2026-46529: + shell: Quote strings in arguments used when calling evspawn - Update to version 48.1+6: + build: bump DjVuLibre version required + libview: Fix crash in the accessible code...

Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter

GM-369 Summary SQL injection in Pimcore's translation grid date filter — the user-supplied property field from the filter JSON is interpolated directly into a UNIXTIMESTAMPDATEFROMUNIXTIME... SQL expression without parameterization or allowlist validation. Affected Component - Package:...

SUSE CVE-2026-44263

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

CVE-2026-41692

i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 4.0.8 substitute key interpolation tokens inside src and href attribute values with the raw string returned by i18next.t. The substitution logic in...

EUVD-2026-28440

i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 4.0.8 substitute key interpolation tokens inside src and href attribute values with the raw string returned by i18next.t. The substitution logic in...

CVE-2026-41692

i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 4.0.8 substitute key interpolation tokens inside src and href attribute values with the raw string returned by i18next.t. The substitution logic in...

CVE-2026-44263 Weblate: Private Translation Enumeration via Screenshot API

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

CVE-2026-44263 Weblate: Private Translation Enumeration via Screenshot API

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

Information Exposure

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Information Exposure in the Screenshot API, tasks API, and component link API. An attacker can access private translation data by enumeratin...

GHSA-GCG5-86JR-F7JG Weblate Vulnerable to Private Translation Enumeration via Screenshot API

Impact The screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. Patches https://github.com/WeblateOrg/weblate/pull/19258 Acknowledgement Weblate thanks Luay for reporting this vulnerability according to the organization's...

SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2026:1648-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1648-1 advisory. Update to version 2.52.1. Security issues fixed: - CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy...

[SECURITY] Fedora 44 Update: qt6-qttranslations-6.10.3-1.fc44

Qt6 - QtTranslations module...

[SECURITY] Fedora 44 Update: mingw-qt6-qttranslations-6.10.3-1.fc44

This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler...

openSUSE 16 Security Update : qt6-translations (openSUSE-SU-2026:20615-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20615-1 advisory. Added qt6-translations. Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested...

OPENSUSE-SU-2026:20615-1 Security update for qt6-translations

This update for qt6-translations fixes the following issues: Added qt6-translations...

Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: Internal changes to fix build issues with no impact for customers spacecmd: Version 5.1.13-0 Updated translation strings venv-salt-minion: Security issues fixed: CVE-2026-31958: Security patch for Salt vendored...

SUSE-SU-2026:1520-1 Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Internal changes to fix build issues with no impact for customers spacecmd: - Version 5.1.13-0 Updated translation strings uyuni-tools: - Version 5.1.26-0 Fixed applying PTF with images from RPMs bsc1252548 Ssl Key...

Cross-site Scripting (XSS)

Overview i18nextify is an enables localization of any page with zero effort Affected versions of this package are vulnerable to Cross-site Scripting XSS via replaceInside, used by the translateProps function in src/localize.js when untrusted translation values containing dangerous URL schemes suc...

SUSE-FU-2026:21232-1 Feature update for libgcrypt, libgpg-error

This update for libgcrypt, libgpg-error fixes the following issues: Update libgcrypt to 1.12.1 jscPED-15059: New and extended interfaces: - Allow access to the FIPS service indicator via the new GCRYCTLFIPSSERVICEINDICATOR control code. - Make SHA-1 non-FIPS internally for the 1.12 API - Add...