cockpit-subscriptions-14.4-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:10150-1 Final 1 1 2026-02-05T00:00:00Z current 2026-02-05T00:00:00Z 2026-02-05T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z cockpit-subscriptions-14.4-2.1 on GA media These are all security issues fixed in the cockpit-subscriptions-14.4-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2026-10150 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-13465/ SUSE CVE CVE-2025-13465 page openSUSE Tumbleweed cockpit-subscriptions-14.4-2.1 cockpit-subscriptions-14.4-2.1 as a component of openSUSE Tumbleweed Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched on 4.17.23 CVE-2025-13465 openSUSE Tumbleweed:cockpit-subscriptions-14.4-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-13465.html CVE-2025-13465 https://bugzilla.suse.com/1257321 SUSE Bug 1257321