2402 matches found
OPENSUSE-SU-2026:10350-1 ruby4.0-rubygem-jquery-rails-4.6.0-1.9 on GA media
These are all security issues fixed in the ruby4.0-rubygem-jquery-rails-4.6.0-1.9 package on the GA media of openSUSE Tumbleweed...
CVE-2026-32121 OpenEMR: Stored DOM XSS via `.html()` in Portal Signer Modal
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves...
Malicious Package
Overview jquery.pstrength is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-1095 Malicious code in jquery-display (npm)
Source: amazon-inspector a0873d8250c8747e1115c2866076509122f7e9ea8f4dde4dca4920d0f31f4874 The package jquery-display was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in jquery-display (npm)
Source: amazon-inspector a0873d8250c8747e1115c2866076509122f7e9ea8f4dde4dca4920d0f31f4874 The package jquery-display was found to contain malicious code. Source: ossf-package-analysis...
AZL-77601 CVE-2026-2391 affecting package js-jquery 3.5.0-4
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
CVE-2025-67481
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from before 1.39.1...
UBUNTU-CVE-2025-67481
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from before 1.39.1...
CVE-2025-67481 mw.message(…).parse() doesn't output safe HTML, but it's being used as if it does
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from before 1.39.1...
Malicious Package
Overview hammer-jquery is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in hammer-jquery (npm)
Source: amazon-inspector c0e80d8bb4c65368f8c47250020a44866a9d32f6182fb7b5f2aed113723d35d8 The package hammer-jquery was found to contain malicious code. Source: ghsa-malware 72eb1b0f96efc21e3317dc341fbe50547a0d31332d3fc8470fc5a6c1c85053be...
MAL-2026-521 Malicious code in hammer-jquery (npm)
Source: amazon-inspector c0e80d8bb4c65368f8c47250020a44866a9d32f6182fb7b5f2aed113723d35d8 The package hammer-jquery was found to contain malicious code. Source: ghsa-malware 72eb1b0f96efc21e3317dc341fbe50547a0d31332d3fc8470fc5a6c1c85053be...
Azure Linux 3.0 Security Update: slf4j (CVE-2012-6708)
The version of slf4j installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2012-6708 advisory. - jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not...
Azure Linux 3.0 Security Update: m2crypto / python-pygments (CVE-2019-11358)
The version of m2crypto / python-pygments installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-11358 advisory. - jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles...
Azure Linux 3.0 Security Update: slf4j (CVE-2015-9251)
The version of slf4j installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2015-9251 advisory. - jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is...
Malicious Package
Overview jquery-ajaxchimp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-436 Malicious code in jquery-ajaxchimp (npm)
Source: amazon-inspector 9a460673be9b990e588584788a155a2341ce31fabf8d07d3d0e1b9dda16bb299 The package jquery-ajaxchimp was found to contain malicious code. Source: ghsa-malware 4075366a7f1f1cb9f88b4b4c300e0e79757fea87b01c85fbab708f9be098cf...
EUVD-2026-3712
Malicious code in jquery-ajaxchimp (npm)...
Malicious code in jquery-ajaxchimp (npm)
Source: amazon-inspector 9a460673be9b990e588584788a155a2341ce31fabf8d07d3d0e1b9dda16bb299 The package jquery-ajaxchimp was found to contain malicious code. Source: ghsa-malware 4075366a7f1f1cb9f88b4b4c300e0e79757fea87b01c85fbab708f9be098cf...
MiracleLinux 9 : tbb-2020.3-8.el9_5.1 (AXSA:2025-9628:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9628:01 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 Tenable has extracted the preceding description block...