24 matches found

OSV
added 2026/02/19 2:43 a.m. · 0 views

OPENSUSE-SU-2026:20248-1 Security update for chromium

This update for chromium fixes the following issues: Changes in chromium: - more fixes for desktop file, some variables were lowercased, further adaptions in INSTALL script boo#1258199 - also copy rollup into third_party/node/node_modules - stay on llvm-10 for swiftshader but bring a similar patch -...

8.8 CVSS · 6 AI score · 0.23127 EPSS
Exploits 12 · References 15
FreeBSD
added 2026/01/29 12:0 a.m. · 12 views

qt6-webengine -- multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 262 security bugs in Chromium: CVE-2025-13223: Type Confusion in V8 CVE-2025-13224: Type Confusion in V8 CVE-2025-13630: Type Confusion in V8 CVE-2025-13632: Inappropriate implementation in DevTools CVE-2025-13634: Inappropriate implementation i...

9.8 CVSS · 7.3 AI score · 0.23127 EPSS
Exploits 16 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-10145

Malware in sbrugna...

4.8 CVSS · 5 AI score · 0.00222 EPSS
Exploits 6 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-1039

Malicious code in bioql PyPI...

7.5 CVSS · 7.4 AI score · 0.00394 EPSS
Exploits 0 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2023-3246

Malicious code in bioql PyPI...

8.2 CVSS · 8 AI score · 0.00086 EPSS
Exploits 1 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2024-3104

Malicious code in bioql PyPI...

6.5 CVSS · 6.4 AI score · 0.00041 EPSS
Exploits 0 · References 4
NVD
added 2025/09/25 3:16 p.m. · 1 views

CVE-2025-59838

Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been fixed in version 25.44.0...

5.4 CVSS · 0.00026 EPSS
Exploits 1 · References 3
Vulnrichment
added 2025/07/20 12:0 a.m. · 2 views

CVE-2025-54314

Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."...

2.8 CVSS · 6.4 AI score · 0.00088 EPSS
Exploits 0 · References 5
NVD
added 2025/05/31 7:15 a.m. · 7 views

CVE-2025-4590

The Daisycon prijsvergelijkers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'daisyconuitvaart' shortcode in all versions up to, and including, 4.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4 CVSS · 0.00163 EPSS
Exploits 0 · References 3
CVE
added 2025/03/31 8:34 a.m. · 46 views

CVE-2025-2072

FAST LTA Silent Brick WebUI is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. The issue occurs when user-supplied input is reflected in output without proper sanitization or encoding, enabling arbitrary JavaScript execution in the victim’s browser. Affected WebUI parameters inc...

5.1 CVSS · 5.8 AI score · 0.00328 EPSS
Exploits 0 · References 1
NVD
added 2025/02/01 1:15 p.m. · 8 views

CVE-2024-13612

The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bettermessageslivechatbutton' shortcode in all versions up to, and including, 2.6.9 due to insufficient input...

6.4 CVSS · 0.00135 EPSS
Exploits 0 · References 5
Cvelist
added 2025/01/30 1:41 p.m. · 11 views

CVE-2024-13700 Embed Swagger UI <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4 CVSS · 0.00114 EPSS
Exploits 0 · References 2
NVD
added 2025/01/23 4:15 p.m. · 4 views

CVE-2025-23545

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Navnish Bhardwaj WP Social Broadcast wp-social-broadcast allows Reflected XSS. This issue affects WP Social Broadcast: from n/a through = 1.0.0...

7.1 CVSS · 0.00178 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/01/21 1:57 p.m. · 7 views

CVE-2025-23998 WordPress UltraLight theme <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in raratheme UltraLight the-ultralight allows Reflected XSS. This issue affects UltraLight: from n/a through <= 1.2...

7.1 CVSS · 7.2 AI score · 0.00135 EPSS
Exploits 0 · References 1
OSV
added 2025/01/15 1:5 p.m. · 4 views

CVE-2024-57886 mm/damon/core: fix new damon_target objects leaks on damon_commit_targets()

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix new damon_target objects leaks on damon_commit_targets() Patch series "mm/damon/core: fix memory leaks and ignored inputs from damon_commit_ctx()". Due to two bugs in damon_commit_targets() and damon_commit_schemes(), which are...

5.5 CVSS · 6 AI score · 0.00019 EPSS
Exploits 0 · References 5
CVE
added 2025/01/15 1:5 p.m. · 81 views

CVE-2024-57886

Technical details for CVE-2024-57886 are not provided in the supplied documents. No affected product/versions or remediation specifics are present here; monitor for updates from official advisories and connected sources.

5.5 CVSS · 6.7 AI score · 0.00019 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/05/21 12:0 a.m. · 1 views

PT-2024-31032 · Google · Tink-Cc

Name of the Vulnerable Software and Affected Versions: Tink-cc versions prior to 2.1.3 Description: The issue is related to a Denial of service vulnerability. An adversary can crash binaries using the crypto::tink::JsonKeysetReader in Tink-cc by providing an input that is not an encoded JSON...

7.5 CVSS · 6.5 AI score · 0.0007 EPSS
Exploits 0 · References 7
Citrix
added 2022/03/28 12:0 a.m. · 8 views

Cannot input Simplified/Traditional Chinese or Japanese in Windows server 2019/2022 or Windows 10/11

For Windows Server 2019/2022 English OS or Windows 10/11 as VDA, CWA Windows Client uses Microsoft Pinyin IME to input simplified Chinese, Microsoft Bopomofo IME to input traditional Chinese, or Microsoft Japanese IME to input Japanese, keyboard sync mode is configured as "Sync only once" in...

7 AI score
Exploits 0
Citrix
added 2021/04/07 12:0 a.m. · 7 views

Citrix Receiver for Mac 11.8.2 Compatibility with OS X 10.10

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Apple released Mac OSX 10.10 on October 16th. Changes in Mac OSX 10.10 require changes in Citrix Receiv...

6.8 AI score
Exploits 0
OSV
added 2020/07/22 4:18 p.m. · 1 views

USN-4431-1 ffmpeg vulnerabilities

It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this issue to cause a denial of service via a crafted file. This issue only affected Ubuntu 16.04 LTS, as it was already fixed in Ubuntu 18.04 LTS. For more information see:...

10 CVSS · 5.8 AI score · 0.22 EPSS
Exploits 4 · References 10