79 matches found

OSV
added 2026/04/07 3:33 p.m. · 0 views

OPENSUSE-SU-2026:20476-1 Security update for mapserver

This update for mapserver fixes the following issues: Changes in mapserver: - Update to release 8.6.1 msSLDParseRasterSymbolizer: fix potential heap buffer overflow boo1260869 CVE-2026-33721 GetFeatureInfo with IDENTIFY CLASSAUTO: take into account SYMBOL.ANCHORPOINT WCS 2.0: fix issue when input...

7.5 CVSS · 5.8 AI score · 0.003 EPSS
Exploits 1 · References 2

OSV
added 2025/12/18 11:46 a.m. · 1 view

BIT-PARSE-2025-67727 Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management

Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permissions which...

9.8 CVSS · 6.5 AI score · 0.00061 EPSS
Exploits 0 · References 4

EUVD
added 2025/12/12 6:35 a.m. · 1 view

EUVD-2025-203056

Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...

6.9 CVSS · 6.3 AI score · 0.00061 EPSS
Exploits 0 · References 3

RedhatCVE
added 2025/11/07 4:48 a.m. · 3 views

CVE-2025-12563

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on the uploadVideo function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with Subscriber-level acce...

4.3 CVSS · 5.8 AI score · 0.00025 EPSS
Exploits 0 · References 1

NVD
added 2025/11/06 5:16 a.m. · 2 views

CVE-2025-12563

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on the uploadVideo function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with Subscriber-level acce...

4.3 CVSS · 0.00025 EPSS
Exploits 0 · References 2

Patchstack
added 2025/11/06 1:05 a.m. · 4 views

WordPress Blog2Social plugin <= 8.6.0 - Incorrect Authorization to Video File Upload vulnerability

Incorrect Authorization to Video File Upload vulnerability discovered by thinnawarth mathuros in WordPress Plugin Blog2Social versions <= 8.6.0...

4.3 CVSS · 6.7 AI score · 0.00025 EPSS
Exploits 0 · References 1 · Affected Software 1

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2022-0754

Malicious code in bioql PyPI...

8.8 CVSS · 8.6 AI score · 0.01961 EPSS
Exploits 0 · References 8

OSV
added 2025/09/29 11:32 p.m. · 2 views

CVE-2025-59952 minio-java Client XML Tag is Vulnerable to Value Substitution

MinIO Java SDK is a Simple Storage Service (aka S3) client to perform bucket and object operations to any Amazon S3 compatible object storage service. In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically...

8.7 CVSS · 6.4 AI score · 0.00025 EPSS
Exploits 0 · References 5

CNNVD
added 2025/09/05 12:00 a.m. · 1 view

DeepDiff security vulnerability

DeepDiff is a Python library by the individual developer Sep Dehpour. A security vulnerability exists in DeepDiff 8.6.0 and earlier versions, which stems from Delta class prototype contamination and could lead to denial of service and remote code execution...

10 CVSS · 7.4 AI score · 0.00267 EPSS
Exploits 0 · References 4

NVD
added 2025/03/17 2:15 p.m. · 11 views

CVE-2021-26087

An improper neutralization of input during web page generation in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 web interface may allow both authenticated remote attackers and non-authenticated attackers in the same network as the appliance to perform a...

6.1 CVSS · 0.0011 EPSS
Exploits 0 · References 1

Cvelist
added 2025/02/05 12:00 a.m. · 11 views

CVE-2024-57085

A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

0.00268 EPSS
Exploits 0 · References 1

CNNVD
added 2025/01/31 12:00 a.m. · 2 views

EasyVirt DC Scope and EasyVirt CO2 Scope security vulnerability

EasyVirt DC Scope and EasyVirt CO2 Scope are both products of the French company EasyVirt. EasyVirt DC Scope is a monitoring and management solution for VMware Virtualization VMware. EasyVirt CO2 Scope is a real-time monitoring and control solution for IT services, virtual machines and servers in...

9.1 CVSS · 8.4 AI score · 0.00301 EPSS
Exploits 1 · References 1

Vulnrichment
added 2025/01/31 12:00 a.m. · 6 views

CVE-2024-55062

Code Injection vulnerability in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/...

10 AI score · 0.04957 EPSS
Exploits 1 · References 1

CNNVD
added 2025/01/31 12:00 a.m. · 0 views

EasyVirt DC Scope and EasyVirt CO2 Scope security vulnerability

EasyVirt DC Scope and EasyVirt CO2 Scope are both products of the French company EasyVirt. EasyVirt DC Scope is a monitoring and management solution for VMware Virtualization VMware. EasyVirt CO2 Scope is a real-time monitoring and control solution for IT services, virtual machines and servers in...

7.5 CVSS · 6.6 AI score · 0.00149 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2024/12/11 12:00 a.m. · 8 views

Oracle Siebel Server 8.5.1.x <= 8.5.1.7 / 8.6.0 (April 2019 CPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the April 2019 CPU advisory - Vulnerability in the Oracle Knowledge component of Oracle Siebel CRM subcomponent: AnswerFlow Spring Framework. Supported versions that are affected are...

9 CVSS · 8.2 AI score · 0.04965 EPSS
Exploits 0 · References 2

CNNVD
added 2024/08/13 12:00 a.m. · 3 views

Microsoft Azure CycleCloud access control error vulnerability

Microsoft Azure CycleCloud is a suite of enterprise-friendly tools from Microsoft Corporation USA for orchestrating and managing high-performance computing (HPC) environments on Azure. An access control error vulnerability exists in Microsoft Azure CycleCloud. An attacker exploiting this...

7.8 CVSS · 6.5 AI score · 0.00487 EPSS
Exploits 0 · References 2

CNNVD
added 2024/03/27 12:00 a.m. · 1 view

curl security vulnerability

curl is a tool used to transfer data from or to a server. A security vulnerability exists in curl versions 7.85.0 through 8.6.0 that stems from a logic error in the delete protocol that misinterprets input...

3.5 CVSS · 6.2 AI score · 0.0091 EPSS
Exploits 1 · References 6

Cvelist
added 2023/10/10 4:50 p.m. · 8 views

CVE-2023-34985

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters...

8.8 CVSS · 9.1 AI score · 0.017 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/09/29 12:00 a.m. · 2 views

PT-2023-6145 · Fortinet · Fortiwlm

Name of the Vulnerable Software and Affected Versions: Fortinet FortiWLM versions 8.5.0 through 8.5.4; Fortinet FortiWLM versions 8.6.0 through 8.6.5. Description: The issue exists due to improper neutralization of special elements used in an operating system command, allowing for os command...

9 CVSS · 8.9 AI score · 0.017 EPSS
Exploits 0 · References 5

CNNVD
added 2023/04/03 12:00 a.m. · 1 view

Progress ipswitch WS_FTP Server cross-site scripting vulnerability

Progress ipswitch WS_FTP Server is an FTP server software. A security vulnerability exists in Progress ipswitch WS_FTP Server version 8.6.0 that originates from improper handling of user-supplied input. An attacker could exploit the vulnerability to execute malicious code and commands on the client...

6.1 CVSS · 7.7 AI score · 0.01096 EPSS
Exploits 1 · References 4