16 matches found
CVE-2026-44440
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability on an endpoint allows an authenticated adjacent attacker to read arbitrary files. This vulnerability is...
EUVD-2026-30193
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability on an endpoint allows an authenticated adjacent attacker to read arbitrary files. This vulnerability is...
CVE-2026-44440
ERPNext is affected by a path traversal vulnerability (CVE-2026-44440) in which an authenticated adjacent attacker can read arbitrary files due to improper limitation of a pathname to a restricted directory. The issue exists prior to versions 15.101.1 and 16.10.0 and is fixed in those releases. C...
PT-2026-40819
Name of the Vulnerable Software and Affected Versions: ERPNext versions prior to 15.101.1; ERPNext versions prior to 16.10.0. Description: An improper limitation of a pathname to a restricted directory, known as path traversal, allows an authenticated adjacent attacker to read arbitrary files via an...
ERPNext Path Traversal Vulnerability
ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to 15.101.1 and 16.10.0 of ERPNext contained a path traversal vulnerability. This vulnerability stems from a path traversal vulnerability in endpoints, which could allow...
CVE-2026-3837
An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...
CVE-2026-3837
An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...
PT-2026-34557
Name of the Vulnerable Software and Affected Versions: Frappe version 16.10.0. Description: An authenticated attacker can persist crafted values in multiple field types to trigger client-side script execution when another user opens the affected document in Desk. This occurs because vulnerable...
Frappe Cross-Site Scripting Vulnerability
Frappe is a web development framework based on Python and MariaDB, with integrated front-end pages, developed by the Indian company Frappe. Version 16.10.0 of Frappe contains a cross-site scripting vulnerability. This vulnerability arises from special values stored in multiple field types that ar...
Linux Distros Unpatched Vulnerability : CVE-2024-5469
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC...
XWiki 16.10.0-rc-1 < 16.10.4, 17.0.0-rc-1 < 17.1.0 RCE Vulnerability (GHSA-rhfv-688c-p6hp)
XWiki is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:xwiki:xwiki";...
XWiki Platform Security Vulnerability
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform version 16.10.0, which stems from improperly set programming privileges and could lead to remote code execution...
PT-2024-36405 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.10.0 through 16.10.5 GitLab CE/EE versions 16.11.0 through 16.11.2 Description: The issue allows an attacker to crash KAS via crafted gRPC requests, potentially leading to a denial of service. Recommendations: For...
Visual Studio 2019 version 16.10.0 to 16.10.4 update
Visual Studio 2019 version 16.10.0 to 16.10.4 update...
Visual Studio 2019 version 16.10.0 to 16.10.3 update
Visual Studio 2019 version 16.10.0 to 16.10.3 update...
Visual Studio 2019 version 16.10.0 to 16.10.5 update
Visual Studio 2019 version 16.10.0 to 16.10.5 security update. This update applies to all affected editions of Visual Studio 2019 version 16.10. The client machines must be enabled to receive this administrator update, and by default Visual Studio must be closed on the client in order for the...