13 matches found

OSV
added 2026/05/18 1:24 p.m. · 4 views

CLEANSTART-2026-GE45898 Security fixes for CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 2.20.1-r0

Multiple security vulnerabilities affect the rabbitmq-cluster-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

7.5 CVSS · 5.9 AI score · 0.00054 EPSS
Exploits 0 · References 23
OSV
added 2026/03/30 12:0 a.m. · 0 views

OPENSUSE-SU-2026:10462-1 heroic-games-launcher-2.20.1-4.1 on GA media

These are all security issues fixed in the heroic-games-launcher-2.20.1-4.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS · 5.9 AI score · 0.00027 EPSS
Exploits 1 · References 1
OSV
added 2026/03/13 12:0 a.m. · 1 views

OPENSUSE-SU-2026:10327-1 heroic-games-launcher-2.20.1-3.1 on GA media

These are all security issues fixed in the heroic-games-launcher-2.20.1-3.1 package on the GA media of openSUSE Tumbleweed...

9.8 CVSS · 5.8 AI score · 0.00146 EPSS
Exploits 1 · References 1
Github Security Blog
added 2026/03/12 12:31 a.m. · 4 views

@whyour/qinglong: manipulation of the argument command leads to protection mechanism failure

A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The...

6.5 CVSS · 5.3 AI score · 0.00119 EPSS
Exploits 0 · References 11 · Affected Software 1
NVD
added 2026/03/12 12:16 a.m. · 1 views

CVE-2026-3965

A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The...

6.5 CVSS · 0.00119 EPSS
Exploits 0 · References 9
Positive Technologies
added 2026/03/11 12:0 a.m. · 1 views

PT-2026-24896

Name of the Vulnerable Software and Affected Versions: whyour qinglong versions through 2.20.1 Description: A security issue has been identified in whyour qinglong. The problem resides in an unknown function within the back/loaders/express.ts file of the API Interface component. Manipulation of the...

6.5 CVSS · 6 AI score · 0.00119 EPSS
Exploits 0 · References 20
OSV
added 2024/11/18 6:15 a.m. · 0 views

DEBIAN-CVE-2024-52947

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the "Upgrade session" plugin has been enabled by an admin...

5.4 CVSS · 5.3 AI score · 0.00162 EPSS
Exploits 0 · References 1
OSV
added 2024/11/18 6:15 a.m. · 3 views

UBUNTU-CVE-2024-52947

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the "Upgrade session" plugin has been enabled by an admin...

5.4 CVSS · 5.8 AI score · 0.00162 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/11/17 12:0 a.m. · 2 views

PT-2024-35496 · Unknown · Lemonldap::Ng

Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.20.1 Description: An issue allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value. This can...

8.8 CVSS · 6.9 AI score · 0.00222 EPSS
Exploits 0 · References 17
Positive Technologies
added 2024/11/17 12:0 a.m. · 1 views

PT-2024-35497 · Unknown · Lemonldap::Ng

Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.20.1 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page, specifically the "upgradeSessi...

8.8 CVSS · 5.8 AI score · 0.00222 EPSS
Exploits 0 · References 17
Positive Technologies
added 2024/11/04 12:0 a.m. · 2 views

PT-2024-32972 · Localai +1 · Localai +1

Name of the Vulnerable Software and Affected Versions: localai versions =2.20.1 Description: The issue is related to a Cross Site Scripting (XSS) vulnerability. When the delete model API is called with inappropriate parameters, it can cause a one-time storage XSS. This will trigger the payload when...

8.8 CVSS · 5.6 AI score · 0.00417 EPSS
Exploits 2 · References 35
CNNVD
added 2024/11/04 12:0 a.m. · 1 views

LocalAI Security Vulnerability

LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. A security vulnerability exists in LocalAI version 2.20.1, which stems from a call to the Delete Model API that causes stored cross-site scripting when passed inappropriate parameters...

6.1 CVSS · 5.7 AI score · 0.00116 EPSS
Exploits 1 · References 1
OSV
added 2019/08/05 2:8 p.m. · 7 views

SUSE-SU-2019:2047-1 Security update for python-requests

This update for python-requests to version 2.20.1 fixes the following issues: Security issue fixed: - CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622)...

7.5 CVSS · 7.4 AI score · 0.00198 EPSS
Exploits 2 · References 3