DEBIAN-CVE-2026-34446

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a regular file on the...

CVE-2026-27489

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. This issue has been patched in version 1.21.0...

CVE-2025-70314

webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable...

CVE-2025-70314

webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable...

CVE-2025-70314

webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable...

CVE-2025-70314

webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable...

CVE-2023-49843

Cross-Site Request Forgery CSRF vulnerability in QuanticEdge First Order Discount Woocommerce.This issue affects First Order Discount Woocommerce: from n/a through 1.21...

CVE-2025-14110

The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-14110 WP Js List Pages Shortcodes <= 1.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute

The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress WP Js List Pages Shortcodes plugin <= 1.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin WP Js List Pages Shortcodes versions = 1.21...

CVE-2025-60050

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Panda panda allows PHP Local File Inclusion.This issue affects Panda: from n/a through = 1.21...

EUVD-2025-204135

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Panda panda allows PHP Local File Inclusion.This issue affects Panda: from n/a through = 1.21...

CVE-2025-60050

CVE-2025-60050 describes an improper control of filenames for include/require in the WordPress Panda theme (versions ≤ 1.21), causing a PHP Local File Inclusion vulnerability. The issue affects Panda and is described as a Local File Inclusion vulnerability in PHP, with no explicit remediation det...

CVE-2025-60050 WordPress Panda theme <= 1.21 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Panda panda allows PHP Local File Inclusion.This issue affects Panda: from n/a through = 1.21...

CVE-2021-4463 Longjing Technology BEMS API <= 1.21 Remote Arbitrary File Download

Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the...

CVE-2021-4463 Longjing Technology BEMS API <= 1.21 Remote Arbitrary File Download

Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the...

Longjing BEMS API 安全漏洞

The Longjing BEMS API is an interface to the Battery Energy Management System BEMS from China's Longjing. A security vulnerability exists in Longjing BEMS API version 1.21 and earlier, which stems from an arbitrary file download issue in the downloads endpoint that could result in access to...

PT-2025-46728

Name of the Vulnerable Software and Affected Versions Longjing Technology BEMS API versions up to and including 1.21 Description The software contains an unauthenticated arbitrary file download issue in the 'downloads' endpoint. The fileName parameter lacks proper sanitization, enabling attackers...

CVE-2025-53214 WordPress Sertifier Certificate & Badge Maker plugin <= 1.21 - Broken Access Control Vulnerability

Missing Authorization vulnerability in sertifier Sertifier Certificate & Badge Maker sertifier-certificates-open-badges allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sertifier Certificate & Badge Maker: from n/a through = 1.21...

EUVD-2025-38003

Missing Authorization vulnerability in sertifier Sertifier Certificate & Badge Maker sertifier-certificates-open-badges allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sertifier Certificate & Badge Maker: from n/a through = 1.21...