beets-2.11.0-1.1 on GA media (moderate)

beets-2.11.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10865-1 Rating: moderate Cross-References: CVE-2026-42052 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the beets-2.11.0-1.1...

CVE-2026-40607

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Note that By default, only...

CVE-2026-40607

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Note that By default, only...

Astra Linux - уязвимость в freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are subject to an Out-of-Bounds Read in the generalLumaToYUV444 function. This Out-of-Bounds Read occurs because processing is performed on the in variable without checkin...

CLEANSTART-2026-UI95341 Security fixes for CVE-2026-44503, ghsa-7j59-v9qr-6fq9 applied in versions: 2.11.0-r2

Multiple security vulnerabilities affect the airflow-2 package. These issues are resolved in later releases. See references for individual vulnerability details...

OPENSUSE-SU-2026:10273-1 libudisks2-0-2.11.0-2.1 on GA media

These are all security issues fixed in the libudisks2-0-2.11.0-2.1 package on the GA media of openSUSE Tumbleweed...

I2P 2.11.0

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version...

CVE-2023-49654

Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system...

CVE-2019-12407

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive...

CVE-2025-13220

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode attributes in all versions up to, and including, 2.11.0 due to insufficient input...

CVE-2025-13220 Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode attributes in all versions up to, and including, 2.11.0 due to insufficient input...

CVE-2025-13220

Summary of the CVE (CVE-2025-13220) : The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress (affected versions up to 2.11.0) is vulnerable to a Stored Cross-Site Scripting (XSS) via shortcode attributes. The root cause is ...

WordPress plugin Ultimate Member 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.Appointment Booking Calendar is an appointment booking plugin us...

CVE-2025-12492

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajaxgetmembers function. This is due to the use of a...

CVE-2025-13217

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the YouTube Video 'value' field in all versions up to, and including, 2.11.0. This is due to insufficient input...

CVE-2025-14081

The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the requiredperm check is applied during...

EUVD-2025-203923

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the YouTube Video 'value' field in all versions up to, and including, 2.11.0. This is due to insufficient input...

CVE-2025-14081 Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass

The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the requiredperm check is applied during...

PT-2025-51861

The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the required perm check is applied during...

PT-2025-47657

Name of the Vulnerable Software and Affected Versions AuthKit-nextjs versions 2.11.0 and below Description The AuthKit library for Next.js, used for authentication and session management, does not apply anti-caching headers to authenticated responses in versions 2.11.0 and below. This can lead to...