
38 matches found

GithubExploit
added 3 days ago, 26 views

Exploit for Improper Encoding or Escaping of Output in Cisco Catalyst_Sd-Wan_Manager

CVE-2026-20245 - Cisco SD-WAN Privilege Escalation Exploit !...

7.8 CVSS, 6 AI score, 0.00356 EPSS
Exploits: 1

CBLMariner
added 2026/04/06 11:43 p.m., 4 views

CVE-2026-25645 affecting package python-requests for versions less than 2.31.0-4

CVE-2026-25645 affecting package python-requests for versions less than 2.31.0-4. A patched version of the package is available...

5.5 CVSS, 6.1 AI score, 0.00005 EPSS
Exploits: 0

RedhatCVE
added 2026/03/26 3:18 p.m., 2 views

CVE-2026-32394

Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Capabilities: from n/a through <= 2.31.0...

4.3 CVSS, 5.8 AI score, 0.00037 EPSS
Exploits: 0, References: 1

EUVD
added 2026/03/13 9:31 p.m., 2 views

EUVD-2026-11907

Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Capabilities: from n/a through <= 2.31.0...

5.8 AI score, 0.00037 EPSS
Exploits: 0, References: 2

NVD
added 2026/03/13 7:54 p.m., 1 view

CVE-2026-32394

Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Capabilities: from n/a through <= 2.31.0...

4.3 CVSS, 0.00037 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/13 11:42 a.m., 1 view

CVE-2026-32394

Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Capabilities: from n/a through <= 2.31.0...

5.8 AI score, 0.00037 EPSS
Exploits: 0, References: 2

CVE
added 2026/03/13 11:42 a.m., 5 views

CVE-2026-32394

The CVE-2026-32394 entry concerns the WordPress PublishPress Capabilities plugin (capability-manager-enhanced) with a Broken Access Control/Missing Authorization issue. Affected component: PublishPress Capabilities, versions up to and including 2.31.0. Root cause: incorrectly configured access co...

4.3 CVSS, 5.8 AI score, 0.00037 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/02/26 12:00 a.m., 4 views

ZITADEL Security Vulnerability

ZITADEL is a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, developed for the era of containers and serverless environments by ZITADEL in Switzerland. There were security vulnerabilities in versions of ZITADEL between 2.31.0 and 3.4.7, as well as in version...

4.3 CVSS, 7.3 AI score, 0.00022 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2025/12/11 12:00 a.m., 2 views

EulerOS 2.0 SP13 : python-pip (EulerOS-SA-2025-2531)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected...

6.1 CVSS, 7 AI score, 0.05933 EPSS
Exploits: 2, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-0160

Malware in sbrugna...

10 CVSS, 8.9 AI score, 0.00466 EPSS
Exploits: 0, References: 8

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2024-2724

Malicious code in bioql PyPI...

5.4 CVSS, 6.3 AI score, 0.00803 EPSS
Exploits: 1, References: 6

AstraLinux
added 2025/06/16 11:28 a.m., 2 views

Astra Linux – Vulnerability in requests

Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This issue arises due to the way we use rebuild_proxies to reattach the Proxy-Authorization header to requests. For HTTP connections...

6.1 CVSS, 6.2 AI score, 0.05933 EPSS
Exploits: 1, References: 3

RedhatCVE
added 2025/05/23 10:37 a.m., 6 views

CVE-2024-47536

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixed in 2.31.0...

4.8 CVSS, 5.8 AI score, 0.00803 EPSS
Exploits: 1

Exploit DB
added 2025/04/11 12:00 a.m., 350 views

WebFileSys 2.31.0 - Directory Path Traversal

Exploit Title: WebFileSys 2.31.0 - Directory Path Traversal in relPath Parameter Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Charanin Thongudom, Pongtorn Angsuchotmetee Vendor Homepage: http://www.webfilesys.de/webfilesys-home/index.html Software Link:...

5.3 CVSS, 7 AI score, 0.05438 EPSS
Exploits: 3

NVD
added 2025/02/06 10:15 p.m., 8 views

CVE-2024-53586

An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing...

5.3 CVSS, 0.05438 EPSS
Exploits: 3, References: 1

CNNVD
added 2025/02/06 12:00 a.m., 2 views

WebFileSys Security Vulnerability

WebFileSys is a Web-based multi-user file manager written in Java from WebFileSys, Inc. A security vulnerability exists in WebFileSys version 2.31.0, which stems from a problem with the relPath parameter that allows an attacker to perform directory traversal via a crafted HTTP request...

5.3 CVSS, 5.4 AI score, 0.05438 EPSS
Exploits: 3, References: 2

Packet Storm
added 2025/02/06 12:00 a.m., 313 views

WebFileSys 2.31.0 Directory Traversal

An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing...

7.3 AI score, 0.05438 EPSS
Exploits: 3

IBM Security Bulletins
added 2025/01/28 10:08 p.m., 14 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to requests-2.31.0-py3-none-any.whl CVE-2024-35195

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to requests-2.31.0-py3-none-any.whl CVE-2024-35195. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local...

5.6 CVSS, 6.3 AI score, 0.00074 EPSS
Exploits: 0, Affected Software: 1

Positive Technologies
added 2025/01/14 12:00 a.m., 2 views

PT-2025-1789 · Siteorigin · The Page Builder By Siteorigin

Name of the Vulnerable Software and Affected Versions: The Page Builder by SiteOrigin plugin for WordPress versions up to, and including, 2.31.0 Description: The issue is related to Stored Cross-Site Scripting via the row label parameter due to insufficient input sanitization and output escaping...

6.4 CVSS, 7.9 AI score, 0.0031 EPSS
Exploits: 0, References: 8

NVD
added 2024/09/30 5:15 p.m., 10 views

CVE-2024-47536

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixed in 2.31.0...

5.4 CVSS, 0.00803 EPSS
Exploits: 1, References: 4