RockyLinux 9 : golang (RLSA-2026:19181)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19181 advisory. crypto/x509: Incorrect enforcement of email constraints in crypto/x509 CVE-2026-27137 net/url: Incorrect parsing of IPv6 host literals in net/url...

CVE-2018-19181

statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file...

CVE-2019-19181

This CVE-2019-19181 entry is rejected/not used and does not represent an active vulnerability.

CVE-2018-19181

statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file...

CVE-2018-19181

The CVE affects YUNUCMS 1.1.5, where statics/ueditor/php/vendor/Local.class.php is exploitable through statics/ueditor/php/controller.php?action=remove with a directory-traversal path. This allows arbitrary file deletion (demonstrated by deleting install.lock). Root cause is a vulnerable remove a...