rpm package
suse/cockpit-repos&distro=SUSE Linux Enterprise Server 16.0
pkg:rpm/suse/cockpit-repos&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-26996 | — | < 4.7-160000.2.1 | 4.7-160000.2.1 | Feb 20, 2026 | minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal charact | ||
| CVE-2025-13465 | Med | 5.3 | < 4.7-160000.1.1 | 4.7-160000.1.1 | Jan 21, 2026 | Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwritin | |
| CVE-2025-64718 | — | < 4.7-160000.1.1 | 4.7-160000.1.1 | Nov 13, 2025 | js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. T |
- CVE-2026-26996Feb 20, 2026affected < 4.7-160000.2.1fixed 4.7-160000.2.1
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal charact
- affected < 4.7-160000.1.1fixed 4.7-160000.1.1
Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwritin
- CVE-2025-64718Nov 13, 2025affected < 4.7-160000.1.1fixed 4.7-160000.1.1
js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. T