81 matches found
CVE-2026-23968
creationtimestamp| type| source
---|---|---
2026-01-22 01:43:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcy2prbvau2i
2026-01-24 21:22:54+00:00| seen| https://gist.github.com/alon710/90ad92a146ef16984ad73cdc699140c7
2026-01-24 22:18:56+00:00| seen|...
CVE-2026-23968
CVE-2026-23968 affects Copier (library and CLI) prior to version 9.11.2. The issue lets a safe-looking template include arbitrary files/directories outside the local template via symlinks when _preserve_symlinks is false, effectively enabling read access to sensitive data. Version 9.11.2 patches ...
algokit (>=0.2.0 <=2.10.0), algorun (>=0.0.1b1 <=0.0.1b4) +37 more potentially affected by CVE-2026-23968 via copier (>=2.3.3 <=9.11.1)
copier PYPI version =2.3.3, =0.2.0, =0.0.1b1, =0.0.1, =0.11.0, =0.31.0, =1.4.14, =0.2.3, =2.0.0, =0.18.0, =0.9.0, =0.10.0, =0.1.1, =0.14.1, =0.1.0, =0.1.10, =0.1.11 and more Source cves: CVE-2026-23968 Source advisory: OSV:GHSA-XJHM-GP88-8PFX...
algokit (>=2.9.0 <=2.10.0), biopipen (>=1.0.0 <=1.3.7) +4 more potentially affected by CVE-2026-23968 via copier (>=9.0.1 <=9.11.1)
copier PYPI version =9.0.1, =2.9.0, =1.0.0, =2.2.2, =1.2.1, =2.14.1, =2.51.0 Source cves: CVE-2026-23968 Source advisory: SNYK:PYTHON-COPIER-15054434...
WordPress AI Buddy 1.8.5 Shell Upload
WordPress AI Buddy plugin versions 1.8.5 and below remote shell upload exploit that leverages the REST API attachment functionality. | Title : AI Buddy...
Linux Distros Unpatched Vulnerability : CVE-2021-23968
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to...
WordPress Graphina plugin <= 3.1.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Graphina versions <= 3.1.1...
CVE-2025-23968
creationtimestamp| type| source
---|---|---
2025-07-03 21:40:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lt3ox54mus2l
2025-07-04 03:00:05+00:00| published-proof-of-concept| Telegram/RzZ013A6hXC-6kV-YI4QCReoYBbyiIzsP4toqc70fDWU4nE
2025-08-06 13:54:20+00:00| seen|...
Exploit for CVE-2025-23968
AI Bud – AI Content Generator, AI Chatbot, ChatGPT, Gemini, GP...
CVE-2025-23968 WordPress AiBud WP plugin <= 1.9 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in WebFactory AiBud WP aibuddy-openai-chatgpt allows Upload a Web Shell to a Web Server. This issue affects AiBud WP: from n/a through <= 1.9...
CVE-2020-23968
Ilex International Sign Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S\Logs\000-sngWSService1.log...
CVE-2024-23968
creationtimestamp| type| source
---|---|---
2025-01-30 23:33:43+00:00| seen| https://infosec.exchange/users/cve/statuses/113919919472260315
2025-01-31 00:17:10+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgypvemkf22h
2025-01-31 01:12:06+00:00| seen|...
CVE-2024-23968
CVE-2024-23968 (ChargePoint Home Flex) affects the SrvrToSmSetAutoChnlListMsg function. The flaw stems from insufficient validation of user-supplied data length before copying to a fixed-length stack-based buffer, causing a stack-based overflow. This enables network-adjacent attackers to execute ...
File upload vulnerability in SuperMap iServer of Beijing SuperMap Software Co. Ltd (CNVD-2024-23968)
SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel, providing full-featured GIS service publishing, management and aggregation capabilities, and supporting multi-level extension development. A file upload vulnerability exists in SuperMap iServer...
SUSE CVE-2021-23968
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox 86,...
Mageia: Security Advisory (MGASA-2021-0097)
The remote host is missing an update for the...
CVE-2022-23968
Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as so...
CVE-2022-23968
CVE-2022-23968 affects Xerox VersaLink devices on specific firmware versions prior to 2022-01-26. A crafted TIFF file with an incomplete Image Directory, delivered via an unauthenticated HTTP POST request, can cause the device to reboot during image parsing, resulting in a permanent denial of ser...
Mozilla Firefox Security Advisory (MFSA2021-07) - Linux
The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2021-07...
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2021:14657-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14657-1 advisory. - If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation...