5 matches found
SUSE-SU-2026:1970-1 Security update for php-composer2
This update for php-composer2 fixes the following issues - CVE-2026-40176: command injection via malicious Perforce repository definition bsc1262254. - CVE-2026-40261: command injection via malicious Perforce source reference/url bsc1262255. Changes for php-composer2: - version update to 2.2.27...
CVE-2026-27376 WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme <= 2.2.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issue affects Claue - Clean, Minimal Elementor WooCommerce Theme: from n/a through = 2.2.7...
CVE-2025-58643
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition ltl-freight-quotes-daylight-edition allows Object Injection.This issue affects LTL Freight Quotes – Daylight Edition: from n/a through = 2.2.7...
SUSE CVE-2025-31483
Miniflux is a feed reader. Due to a weak Content Security Policy on the /proxy/ route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window. To mitigate the vulnerability, the CSP for the media proxy has been changed...
CMS Made Simple admin/moduleinterface.php Reflective Cross-Site Scripting Vulnerability
CMS Made Simple is a content management system developed using PHP, MySQL and Smarty template engine. A reflected cross-site scripting vulnerability exists in admin/moduleinterface.php in CMS Made Simple 2.2.7. The vulnerability can be exploited to conduct cross-site scripting attacks via the...