Unity Linux 20.1070e Security Update: xorg-x11-server (UTSA-2026-005926)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005926 advisory. A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The...

create-momentum-app (>=0.1.2 <=0.5.0) potentially affected by CVE-2026-27739 via @angular/ssr (=21.1.2)

@angular/ssr NPM version =21.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on @angular/ssr and may be impacted: - create-momentum-app =0.1.2, =0.5.0 Source cves: CVE-2026-27739 Source advisory: OSV:GHSA-X288-3778-4HHX...

CVE-2025-66556

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2...

CVE-2025-66556

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2...

CVE-2023-28784

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Contest Gallery plugin = 21.1.2 versions...

WordPress plugin Contest Gallery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2023-21340 · Liveaction · Liveaction Livesp

Name of the Vulnerable Software and Affected Versions: LiveAction LiveSP version 21.1.2 Description: A stored HTML injection issue allows attackers to execute arbitrary code via a crafted payload. Recommendations: For LiveAction LiveSP version 21.1.2, update to a version that fixes this issue to...

LiveAction LiveSP 跨站脚本漏洞

LiveAction LiveSP is a network monitoring software for service providers from LiveAction. A security vulnerability exists in LiveAction LiveSP version v21.1.2. An attacker could exploit this vulnerability to execute arbitrary code via a specially crafted payload...

CVE-2023-24721

A cross-site scripting XSS vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary web scripts or HTML...

PT-2023-19748 · Liveaction · Liveaction Livesp

Name of the Vulnerable Software and Affected Versions: LiveAction LiveSP version 21.1.2 Description: A cross-site scripting XSS vulnerability allows attackers to execute arbitrary web scripts or HTML. Recommendations: For LiveAction LiveSP version 21.1.2, update to a version that fixes this issue...

SUSE CVE-2021-4011

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...