4 matches found
CVE-2026-55424
CVE-2026-55424 – Discourse topic featured link stored XSS . Discourse (open-source discussion platform) prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5 allowed a mis-normalized/undescoped topic feature link to inject JavaScript when default Content Security Policy protections were mo...
CVE-2026-59720
Hoppscotch’s Mock API exposes private collection data due to a desync: mock-server.service.ts does not persist the isPublic input, while schema.prisma defaults isPublic to true, making mock servers linked to private collections publicly accessible without authentication. The vulnerability affects...
EUVD-2026-42654
Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts does not persist the isPublic input field while schema.prisma defaults isPublic to true, causing mock servers linked to private collections to be publicly accessible without...
OPENSUSE-SU-2026:11043-1 python313-distributed-2026.6.0-1.1 on GA media
These are all security issues fixed in the python313-distributed-2026.6.0-1.1 package on the GA media of openSUSE Tumbleweed...