crun-1.27-1.1 on GA media (moderate)

crun-1.27-1.1 on GA media Announcement ID: openSUSE-SU-2026:10524-1 Rating: moderate Cross-References: CVE-2026-30892 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the crun-1.27-1.1 package ...

[SECURITY] Fedora 42 Update: crun-1.27-1.fc42

crun is a OCI runtime...

OPENSUSE-SU-2026:10524-1 crun-1.27-1.1 on GA media

These are all security issues fixed in the crun-1.27-1.1 package on the GA media of openSUSE Tumbleweed...

crun security update

1.27-1 - update to https://github.com/containers/crun/releases/tag/1.27 - fixes CVE-2026-30892 crun: crun: Privilege escalation due to incorrect parsing of the --user option rhel-10.1.z - Resolves: RHEL-161416...

Fedora 43 : crun (2026-4747ff73a3)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4747ff73a3 advisory. Automatic update for crun-1.27-1.fc43. Changelog for crun Wed Mar 25 2026 Packit - 1.27-1 - Update to 1.27 upstream release Mon Dec 22 2025 Packit - 1.26-1 -...

CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

CVE-2020-37149 Edimax Technology EW-7438RPn-v3 Mini 1.27 - Cross-Site Request Forgery (CSRF) to Command Execution

Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery CSRF that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's...

CVE-2020-37125

The CVE-2020-37125 entry describes a remote code execution vulnerability in Edimax EW-7438RPn-v3 Mini 1.27. Affected component is the device firmware; the root cause is command injection in the /goform/mp endpoint that can be exploited by unauthenticated attackers sending crafted POST requests to...

PT-2026-6589

Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn-v3 Mini version 1.27 Description The Edimax EW-7438RPn-v3 Mini device version 1.27 is susceptible to a cross-site request forgery CSRF issue. Successful exploitation allows an attacker to execute commands on the device with t...

CVE-2025-69007

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Stored XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through = 1.27...

CVE-2025-69007 WordPress Popping Sidebars and Widgets Light plugin <= 1.27 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Stored XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through = 1.27...

WordPress plugin Popping Sidebars and Widgets Light 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress Popping Sidebars and Widgets Light plugin <= 1.27 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Popping Sidebars and Widgets Light versions = 1.27...

EUVD-2023-38013

Malicious code in bioql PyPI...

CVE-2025-58853

Cross-Site Request Forgery CSRF vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Reflected XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through = 1.27...

CVE-2025-58853

Cross-Site Request Forgery CSRF vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Reflected XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through = 1.27...

CVE-2025-58853

CVE-2025-58853 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Popping Sidebars and Widgets Light (OTWthemes) that enables Reflected XSS. Affected are Popping Sidebars and Widgets Light versions up to 1.27. Public details in connected docs indicate the issue an...

CVE-2025-58853 WordPress Popping Sidebars and Widgets Light Plugin <= 1.27 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Reflected XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through = 1.27...

WordPress Popping Sidebars and Widgets Light Plugin <= 1.27 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Popping Sidebars and Widgets Light versions = 1.27...

WordPress Popping Sidebars and Widgets Light plugin <= 1.27 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Popping Sidebars and Widgets Light versions = 1.27...