40 matches found
PT-2026-47446
Name of the Vulnerable Software and Affected Versions: Nginx Proxy Manager versions 2.9.14 through 2.15.1 Description: An authenticated remote code execution issue exists via OS command injection in the setupCertbotPlugins function located in backend/setup.js. Attackers with certificates:manage...
CVE-2026-45773
Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a...
EUVD-2026-30553
Turbo: Login callback CSRF/session fixation...
EUVD-2026-30551
Turbo: Unexpected local code execution during Yarn Berry detection...
CVE-2026-45772
Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted repositories that contain malicious Yarn configuration. In affected versions, package manager detection...
CVE-2026-45772 Turborepo: Unexpected local code execution during Yarn Berry detection
Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted repositories that contain malicious Yarn configuration. In affected versions, package manager detection...
CVE-2026-45772
Turborepo (versions 1.1.0–2.9.13) is vulnerable to arbitrary code execution when run in untrusted repositories containing malicious Yarn configuration. The issue arises because package manager detection executes yarn --version from the project directory, potentially loading a project-controlled y...
Turborepo cross-site request forgery vulnerability
Turborepo is a high-performance JavaScript and TypeScript build system open-sourced by Vercel. Versions of Turborepo prior to 2.9.14 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the lack of validation of the CSRF state value on the localhost callback in t...
Advisory ROSA-SA-2026-3130
software: libxml2 2.9.14 OS: ROSA-CHROME unaffected versions = libxml2-2.9.14-12 affected versions libxml2-2.9.14-12 CVE-ID: CVE-2025-6021 BDU-ID: 2025-07144 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlBuildQName function of the Libxml2 library is related to a stack-based buffer overflow...
EUVD-2024-29965
Malicious code in bioql PyPI...
EUVD-2025-27609
Malicious code in bioql PyPI...
UBUNTU-CVE-2025-9714
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...
CVE-2016-3709 affecting package libxml2 2.9.14-3
CVE-2016-3709 affecting package libxml2 2.9.14-3. This CVE either no longer is or was never applicable...
CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
EulerOS Virtualization 2.10.1 : libxml2 (EulerOS-SA-2024-2142)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is used...
PT-2024-24440 · Unknown · Welcart E-Commerce
Name of the Vulnerable Software and Affected Versions: Welcart e-Commerce versions 2.9.14 and earlier Description: The issue is related to a Missing Authorization vulnerability in Welcart e-Commerce. Recommendations: For versions 2.9.14 and earlier, update to a version that contains a fix for thi...
OESA-2024-1413 libxml2 security update
This library allows you to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
CentOS 9 : python-lxml-4.6.5-3.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python-lxml-4.6.5-3.el9 build changelog. - NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is used together wit...
EulerOS Virtualization 3.0.6.6 : python-lxml (EulerOS-SA-2023-2401)
According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is...