Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version 5.2.6-0 Update translation strings uyuni-tools: Version 5.2.5-0 Remove migrate command Remove template script from mgradm: use the one in the image Split the TFTP server into a separate container Explicitly start proxy pods after operation...

Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version 5.2.6-0 Update translation strings uyuni-tools: Version 5.2.5-0 Remove migrate command Remove template script from mgradm: use the one in the image Split the TFTP server into a separate container Explicitly start proxy pods after operation...

SUSE-SU-2026:1141-1 Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: - Version 5.2.6-0 Update translation strings uyuni-tools: - Version 5.2.5-0 Remove migrate command Remove template script from mgradm: use the one in the image Split the TFTP server into a separate container Explicitly start proxy pods after...

SUSE-SU-2026:1140-1 Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: - Version 5.2.6-0 Update translation strings uyuni-tools: - Version 5.2.5-0 Remove migrate command Remove template script from mgradm: use the one in the image Split the TFTP server into a separate container Explicitly start proxy pods after...

CVE-2026-32125

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, track/item names from the Track Anything feature are stored from user input POST and later rendered in Dygraph charts titles/labels using innerHTML or equivalent without...

CVE-2026-32125

OpenEMR vulnerability CVE-2026-32125: Stored XSS in Track Anything Graphs due to unescaped Dygraph titles/labels. Prior to version 8.0.0.1, track item names stored from user input (POST) are rendered via innerHTML or equivalent, allowing a user who can create/edit items to inject script that exec...

Cross-site Scripting (XSS)

apachesuperset is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of chart column labels, which allows an attacker to inject malicious payloads that execute in a victim’s browser and potentially lead to session hijacking or arbitrary command...

CVE-2025-55672

A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

CVE-2025-55672 Apache Superset: Stored XSS on charts metadata

A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...