23 matches found
OPENSUSE-SU-2026:10830-1 trivy-0.70.0-2.1 on GA media
These are all security issues fixed in the trivy-0.70.0-2.1 package on the GA media of openSUSE Tumbleweed...
openSUSE 16 Security Update : trivy (openSUSE-SU-2026:20702-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20702-1 advisory. Changes in trivy: - Update to version 0.70.0 bsc1260193, CVE-2026-33186, bsc1260971, CVE-2026-33747, bsc1261052, CVE-2026-33748, bsc1262389,...
OPENSUSE-SU-2026:20702-1 Security update for trivy
This update for trivy fixes the following issues: Changes in trivy: - Update to version 0.70.0 bsc1260193, CVE-2026-33186, bsc1260971, CVE-2026-33747, bsc1261052, CVE-2026-33748, bsc1262389, CVE-2026-39984, bsc1262893, CVE-2026-34986: release: v0.70.0 main 10105 choredeps: bump...
Security update for trivy (important)
openSUSE Security Update: Security update for trivy. Announcement ID: openSUSE-SU-2026:0163-1. Rating: important. References: 1255366 1258094 1258513 1260193 1260971 1261052 1262389 1262893. Cross-References: CVE-2025-64702 CVE-2025-66564 CVE-2025-69725 CVE-2026-25934 CVE-2026-33186 CVE-2026-33747...
CVE-2026-33193
Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially...
CVE-2026-33193
Docmost is an open-source collaborative wiki; versions prior to 0.70.0 are affected by a stored XSS due to improper MIME-type handling (GHSL-2026-052). The vulnerability allows an attacker to inject scripts, potentially compromising user data. A patch is available in version 0.70.0. The CVSS vect...
CVE-2026-33146
Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...
PT-2026-32928
Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...
CVE-2026-23839
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryUpdated=. Version 0.70.0 fixes the issue...
CVE-2026-23840
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryDeleted=. Version 0.70.0 fixes the issue...
CVE-2026-23841
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryCreated=. Version 0.70.0 fixes the issue...
CVE-2026-23841 Movary vulnerable to Cross-site Scripting with `?categoryCreated=` param
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryCreated=. Version 0.70.0 fixes the issue...
CVE-2026-23840 Movary vulnerable to Cross-site Scripting with `?categoryDeleted=` param
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryDeleted=. Version 0.70.0 fixes the issue...
CVE-2026-23840 Movary vulnerable to Cross-site Scripting with `?categoryDeleted=` param
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryDeleted=. Version 0.70.0 fixes the issue...
CVE-2026-23840
CVE-2026-23840 affects Movary, a web application for tracking movie history. The issue arises from insufficient input validation in the vulnerable parameter ?categoryDeleted=, allowing cross-site scripting (XSS) payloads in versions prior to 0.70.0. The Red Hat/NVD/CVE data consistently state tha...
EUVD-2026-3301
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryDeleted=. Version 0.70.0 fixes the issue...
EUVD-2026-3302
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryUpdated=. Version 0.70.0 fixes the issue...
CVE-2026-23839
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryUpdated=. Version 0.70.0 fixes the issue...
CVE-2026-23839 Movary vulnerable to Cross-site Scripting with `?categoryUpdated=` param
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryUpdated=. Version 0.70.0 fixes the issue...
PT-2026-3481
Name of the Vulnerable Software and Affected Versions: Movary versions prior to 0.70.0. Description: Movary is a web application used to track, rate, and explore movie watch history. Insufficient input validation allows attackers to trigger cross-site scripting payloads. The vulnerable parameter is...