Lucene search

17 matches found

OPENSUSE Linux
added 4 days ago · 6 views

ignition-2.26.0-4.1 on GA media (moderate)

ignition-2.26.0-4.1 on GA media Announcement ID: openSUSE-SU-2026:10892-1 Rating: moderate Cross-References: CVE-2026-33814 CVSS scores: CVE-2026-33814 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...

CVSS 7.5 · AI score 5.8 · EPSS 0.00018
Exploits: 0
OSV
added 2026/05/29 12:00 a.m. · 3 views

OPENSUSE-SU-2026:10892-1 ignition-2.26.0-4.1 on GA media

These are all security issues fixed in the ignition-2.26.0-4.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 · AI score 5.8 · EPSS 0.00018
Exploits: 0 · References: 1
Vulnrichment
added 2025/11/25 8:17 p.m. · 4 views

CVE-2025-58360 GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature

GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity XXE vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...

CVSS 8.2 · AI score 6.5 · EPSS 0.81395
Exploits: 4 · References: 2
EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2024-2515

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.2 · EPSS 0.00364
Exploits: 1 · References: 7
NVD
added 2025/06/10 3:15 p.m. · 7 views

CVE-2024-40625

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/workspaceName/coveragestores/storeName/method.format allows attackers to upload files with a specified url with method equals 'url' with no restrict. This vulnerability is fix...

CVSS 5.5 · EPSS 0.003
Exploits: 0 · References: 3
Vulnrichment
added 2025/06/10 2:49 p.m. · 5 views

CVE-2024-40625 GeoServer Coverage REST API Allows Server Side Request Forgery

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/workspaceName/coveragestores/storeName/method.format allows attackers to upload files with a specified url with method equals 'url' with no restrict. This vulnerability is fix...

CVSS 5.5 · AI score 5.6 · EPSS 0.003
Exploits: 0 · References: 3
OSV
added 2025/06/10 2:49 p.m. · 2 views

CVE-2024-40625 GeoServer Coverage REST API Allows Server Side Request Forgery

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/workspaceName/coveragestores/storeName/method.format allows attackers to upload files with a specified url with method equals 'url' with no restrict. This vulnerability is fix...

CVSS 5.5 · AI score 6.7 · EPSS 0.003
Exploits: 0 · References: 5
CVE
added 2025/06/10 2:49 p.m. · 73 views

CVE-2024-40625

GeoServer's CVE-2024-40625 affects the Coverage REST API endpoint /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} where {method} = 'url' can upload arbitrary URLs without validation, enabling Server Side Request Forgery. The issue is tied to unfiltered file URL input and ...

CVSS 5.5 · AI score 5.3 · EPSS 0.003
Exploits: 0 · References: 3 · Affected Software: 1
Github Security Blog
added 2024/08/05 9:18 p.m. · 9 views

Editor.js vulnerable to Code Injection

Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...

CVSS 6.1 · AI score 7 · EPSS 0.00364
Exploits: 1 · References: 6 · Affected Software: 1
Prion
added 2023/05/24 8:15 p.m. · 20 views

Cross site scripting

Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any JavaScript under admin's permission...

CVSS 4.9 · AI score 5.6 · EPSS 0.00371
Exploits: 1 · References: 5 · Affected Software: 1
CNNVD
added 2023/05/24 12:00 a.m. · 7 views

Jumpserver cross-site scripting vulnerability

Jumpserver is an open source bastion machine from Hangzhou Feizhiyun Information Technology Co. in China. A security vulnerability exists in Jumpserver versions 2.10.0 through 2.26.0, which stems from improper filtering of user input. An attacker can exploit the vulnerability to execute arbitrary...

CVSS 5.4 · AI score 6.1 · EPSS 0.00371
Exploits: 1 · References: 6
Positive Technologies
added 2023/04/13 12:00 a.m. · 4 views

PT-2023-16898 · Unknown +2 · Apport-Cli +2

Name of the Vulnerable Software and Affected Versions: apport-cli versions 2.26.0 and earlier Description: A privilege escalation attack was found, similar to a known issue, which can be exploited by a local attacker if the system is specially configured. This configuration includes allowing...

CVSS 7.8 · AI score 6.1 · EPSS 0.05624
Exploits: 4 · References: 19
Snyk
added 2023/01/13 9:48 a.m. · 1 view

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a memory leak issue via the GLESCreateTexture function in the SDLrendergles.c file. Remediation Upgrade sdl to version 2.26.0 or higher. References - GitHub Commit - GitHub PR - GitHub Release - RedHat...

CVSS 7.5 · AI score 6.9 · EPSS 0.00045
Exploits: 0 · References: 2
NVD
added 2022/12/15 7:15 p.m. · 6 views

CVE-2022-23474

Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...

CVSS 6.1 · EPSS 0.00364
Exploits: 1 · References: 2
Vulnrichment
added 2022/12/15 2:08 a.m. · 5 views

CVE-2022-23474 editor.js contains Code Injection

Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...

CVSS 6.1 · AI score 6.4 · EPSS 0.00364
Exploits: 1 · References: 2
Cvelist
added 2022/12/15 2:08 a.m. · 12 views

CVE-2022-23474 editor.js contains Code Injection

Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...

CVSS 6.1 · AI score 6.6 · EPSS 0.00364
Exploits: 1 · References: 2
Positive Technologies
added 2022/12/15 12:00 a.m. · 1 view

PT-2022-16015 · Editor.Js · Editor.Js

Name of the Vulnerable Software and Affected Versions: Editor.js versions prior to 2.26.0 Description: The issue concerns a code injection vulnerability via pasted input in Editor.js, a block-style editor. The processHTML method is vulnerable as it passes pasted input into the wrapper's innerHTML...

CVSS 6.1 · AI score 7.7 · EPSS 0.00364
Exploits: 1 · References: 9