
136 matches found

Tenable Nessus
added 2026/01/22 12:0 a.m. | 3 views

Azure Linux 3.0 Security Update: nodejs (CVE-2019-10906)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-10906 advisory. - In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. CVE-2019-10906 Note that Nessus has n...

CVSS 8.6 | AI score 5.6 | EPSS 0.02334
Exploits: 1 | References: 2
Circl
added 2025/12/03 6:59 p.m. | 1 views

CVE-2025-10906

creationtimestamp | type | source
---|---|---
2025-12-03 18:59:57+00:00 | seen | https://gist.github.com/bhargav-nebulock/a23897d2199bc16d9e67b777e001fda2...

CVSS 8.6 | AI score 5.8 | EPSS 0.00027
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-13609

Malware in sbrugna...

CVSS 7.8 | AI score 7.5 | EPSS 0.00188
Exploits: 0 | References: 2
Cvelist
added 2025/09/24 1:2 p.m. | 8 views

CVE-2025-10906 Magnetism Studios Endurance NSXPC com.MagnetismStudios.endurance.helper loadModuleNamed:WithReply missing authentication

A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface. Executing manipulation can...

CVSS 8.6 | EPSS 0.00027
Exploits: 0 | References: 5
Tenable Nessus
added 2025/08/07 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-10906

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount...

CVSS 7.8 | AI score 6.7 | EPSS 0.00054
Exploits: 3 | References: 2
Tenable Nessus
added 2025/05/14 12:0 a.m. | 11 views

Alibaba Cloud Linux 3 : 0066: python-jinja2 (ALINUX3-SA-2022:0066)

The remote Alibaba Cloud Linux 3 host has a package installed that is affected by a vulnerability as referenced in the ALINUX3-SA-2022:0066 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-10906: In Pallets Jinja before 2.10.1,...

CVSS 8.6 | AI score 7.1 | EPSS 0.02334
Exploits: 1 | References: 2
RedhatCVE
added 2025/03/22 11:58 a.m. | 3 views

CVE-2024-10906

In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgpt_server uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to * for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...

CVSS 8.1 | AI score 6.9 | EPSS 0.00078
Exploits: 1 | References: 1
vulnersOsv
added 2025/03/20 12:32 p.m. | 0 views

dbgpt-app (=0.8.0rc1), dbgpt-client (>=0.7.0 <=0.8.0rc1) +2 more potentially affected by CVE-2024-10906 via dbgpt (=0.8.0)

dbgpt PYPI version =0.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on dbgpt and may be impacted: - dbgpt-app =0.8.0rc1 - dbgpt-client =0.7.0, =0.7.0, =0.8.0, =0.8.0rc1 Source cves: CVE-2024-10906 Source advisory: SNYK:PYTHON-DBGPT-9586747...

CVSS 8.1 | AI score 7 | EPSS 0.00078
Exploits: 1
NVD
added 2025/03/20 10:15 a.m. | 2 views

CVE-2024-10906

In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgpt_server uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to * for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...

CVSS 8.1 | EPSS 0.00078
Exploits: 1 | References: 1
Cvelist
added 2025/03/20 10:10 a.m. | 4 views

CVE-2024-10906 Cross-Site Request Forgery (CSRF) in eosphoros-ai/db-gpt

In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgpt_server uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to * for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...

CVSS 7.1 | EPSS 0.00078
Exploits: 1 | References: 1
Vulnrichment
added 2025/03/20 10:10 a.m. | 3 views

CVE-2024-10906 Cross-Site Request Forgery (CSRF) in eosphoros-ai/db-gpt

In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgpt_server uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to * for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...

CVSS 7.1 | AI score 7 | EPSS 0.00078
Exploits: 1 | References: 1
CVE
added 2025/03/20 10:10 a.m. | 46 views

CVE-2024-10906

CVE-2024-10906 – CSRF in DB-GPT (eosphoros-ai/db-gpt) Affected: db-gpt, version 0.6.0, within the uvicorn app created by dbgpt_server. Root cause: CORSMiddleware configured with wide permissiveness, setting Access-Control-Allow-Origin to ‘*’ for all endpoints. Impact: endpoints may be interacted ...

CVSS 8.1 | AI score 7 | EPSS 0.00078
Exploits: 1 | References: 1 | Affected Software: 1
CBLMariner
added 2024/07/23 10:5 p.m. | 11 views

CVE-2019-10906 affecting package nodejs for versions less than 20.14.0-1

CVE-2019-10906 affecting package nodejs for versions less than 20.14.0-1. A patched version of the package is available...

CVSS 8.6 | AI score 6.9 | EPSS 0.02334
Exploits: 1
Tenable Nessus
added 2024/07/03 12:0 a.m. | 34 views

CBL Mariner 2.0 Security Update: fuse (CVE-2018-10906)

The version of fuse installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2018-10906 advisory. - In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when...

CVSS 7.8 | AI score 6.9 | EPSS 0.00054
Exploits: 3 | References: 2
Amazon
added 2024/06/24 12:0 a.m. | 16 views

Important: python3-jinja2

Issue Overview: In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. CVE-2019-10906 Affected Packages: python3-jinja2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

CVSS 8.6 | AI score 7.1 | EPSS 0.02334
Exploits: 1
Amazon
added 2024/06/24 12:0 a.m. | 2 views

Important: python3-jinja2

Issue Overview: In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. CVE-2019-10906 Affected Packages: python3-jinja2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

CVSS 8.6 | AI score 7 | EPSS 0.02334
Exploits: 1
Oracle linux
added 2024/05/23 12:0 a.m. | 375 views

python-jinja2 security update

2.10.1-4 - Security fix for CVE-2024-22195 Resolves: RHEL-21347 2.10.1-3 - Fix CVE-2020-28493: ReDOS vulnerability due to the sub-pattern Resolves: rhbz1928707 2.10.1-2 - Rebuild of package to go through gating - Resolves: rhbz1701301 2.10.1-1 - Rebase to 2.10.1 security update to fix...

CVSS 6.1 | AI score 6.8 | EPSS 0.02334
Exploits: 2
Tenable Nessus
added 2024/05/11 12:0 a.m. | 9 views

RHEL 8 : fuse (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - fuse: bypass of the user_allow_other restriction when SELinux is active CVE-2018-10906 Note that Nessus has not teste...

AI score 7.8 | EPSS 0.00054
Exploits: 3 | References: 1
Tenable Nessus
added 2024/04/28 12:0 a.m. | 22 views

RHEL 6 / 7 : rh-python36-python-jinja2 (RHSA-2019:1329)

The remote Redhat Enterprise Linux 6 / 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:1329 advisory. The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but support...

CVSS 8.6 | AI score 7.2 | EPSS 0.02334
Exploits: 1 | References: 4
Tenable Nessus
added 2024/04/22 12:0 a.m. | 29 views

RHEL 6 / 7 : rh-python35-python-jinja2 (RHSA-2019:1237)

The remote Redhat Enterprise Linux 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1237 advisory. The rh-python35-python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-X...

CVSS 8.6 | AI score 7.3 | EPSS 0.02334
Exploits: 1 | References: 6