33 matches found
CLSA-2026-1778751841 php: Fix of CVE-2026-6735
CVE-2026-6735: HTML-encode proc.requesturi and tighten querystring entity flags in sapi/fpm/fpm/fpmstatus.c to fix XSS in PHP-FPM status endpoint...
PT-2026-20847
Name of the Vulnerable Software and Affected Versions: SPIP versions prior to 4.4.9. Description: SPIP versions before 4.4.9 contain a Cross-Site Scripting (XSS) issue in the private area. The echappe anti xss function was not consistently applied to input, form, button, and anchor HTML tags, enabling...
EUVD-2024-1241
Malicious code in bioql PyPI...
CVE-2025-32019
Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed ...
WordPress Videopack plugin <= 4.10.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by 63n0 in WordPress Plugin Videopack versions <= 4.10.3...
Security update for rabbitmq-server313
This update for rabbitmq-server313 fixes the following issues: CVE-2025-30219: incorrectly escaped virtual hostname present in error message could lead to XSS attack. bsc1240071 Non-security fixes: Require rabbitmq-server313-plugins rather than rabbitmq-server-plugins. bsc1231656, bsc1234763 Patc...
SUSE SLES15 / openSUSE 15 Security Update : rabbitmq-server (SUSE-SU-2025:1466-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1466-1 advisory. - CVE-2025-30219: Fixed XSS in an error message in Management UI bsc1240071 Other fixes: - Disable parallel make, this causes...
CVE-2025-32388
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6, unsanitized search param names cause an XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can explo...
[SECURITY] [DLA 3896-1] mediawiki security update
Debian LTS Advisory DLA-3896-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 26, 2024 https://wiki.debian.org/LTS -...
OESA-2024-1774 rubygem-actionview security update
Simple, battle-tested conventions and helpers for building web pages. Security Fixes: A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting (XSS), which could lead to stolen information, phishing attacks, and other types of attacks. CVE-2023-23913...
Security update for zabbix (moderate)
openSUSE Security Update: Security update for zabbix Announcement ID: openSUSE-SU-2024:0064-1 Rating: moderate References: 1219775 Cross-References: CVE-2024-22119 CVSS scores: CVE-2024-22119 NVD : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-22119 SUSE: 5.4...
Design/Logic Flaw
SmartStream Transaction Lifecycle Management TLM Reconciliation Premium RP 3.1.0 allows XSS. This was fixed in TLM RP 3.1.0...
Security update for python-markdown2 (moderate)
openSUSE Security Update: Security update for python-markdown2 Announcement ID: openSUSE-SU-2021:0429-1 Rating: moderate References: 1171379 1181270 1183171 Cross-References: CVE-2021-26813 CVSS scores: CVE-2021-26813 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products:...
SUSE-SU-2020:14502-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.3.0 ESR bsc1176756, MFSA 2020-43 - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: Whe...
OPENSUSE-SU-2020:1555-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.3.0 ESR bsc1176756, MFSA 2020-43 - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When...
SUSE-SU-2020:0930-1 Security update for ceph
This update for ceph fixes the following issues: - CVE-2020-1759: Fixed nonce reuse in msgr V2 secure mode bsc1166403 - CVE-2020-1760: Fixed XSS due to RGW GetObject header-splitting bsc1166484...
Recommended update for ruby2.5 (important)
openSUSE Security Update: Recommended update for ruby2.5 Announcement ID: openSUSE-SU-2020:0395-1 Rating: important References: 1140844 1152990 1152992 1152994 1152995 1162396 1164804 Cross-References: CVE-2012-6708 CVE-2015-9251 CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255...
zapmeta.jp Cross Site Scripting vulnerability
Security Researcher npuser500 (helped patch 2610 vulnerabilities, received 7 Coordinated Disclosure badges, received 19 recommendations), a holder of 7 badges for responsible and coordinated disclosure, found a security vulnerability affecting zapmeta.jp website and its users. Following coordinated...
Fedora 28 : python-markdown2 (2019-a16e1127d3)
python-markdown2 2.3.7 - pull 306 Drop support for legacy Python versions - pull 307 Fix syntax highlighting test cases that depend on Pygments output - pull 308 Add support for Python 3.7 - pull 304 Add Wheel package support - pull 312 Fix tocdepth initialization regression - pull 315 XSS fix No...
Fedora 29 : python-markdown2 (2019-095c760511)
python-markdown2 2.3.7 - pull 306 Drop support for legacy Python versions - pull 307 Fix syntax highlighting test cases that depend on Pygments output - pull 308 Add support for Python 3.7 - pull 304 Add Wheel package support - pull 312 Fix tocdepth initialization regression - pull 315 XSS fix No...