30 matches found
CVE-2026-41646 Nuclei: Local File Read via require() Module Loader Bypass
Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require function, bypassing the default local file acce...
EUVD-2012-5760
Malware in sbrugna...
EUVD-2022-3932
Malicious code in bioql PyPI...
OESA-2025-1623 libarchive security update
libarchive is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use libarchive. Security...
Northern.tech Mender security vulnerability
Northern.tech Mender is a secure and reliable remote update solution from Northern.tech, Inc. It is suitable for connected devices of any size. A security vulnerability exists in Northern.tech Mender versions prior to 3.6.5 and 3.7.x prior to 3.7.5 that stems from the presence of faulty access...
PT-2024-27247 · Unknown · Mender Enterprise
Name of the Vulnerable Software and Affected Versions: Mender Enterprise versions 3.6.4 and earlier; Mender Enterprise versions 3.7.x before 3.7.4. Description: The issue is related to weak authentication in Mender Enterprise. Recommendations: For Mender Enterprise versions 3.6.4 and earlier, updat...
CVE-2023-49797
PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if...
Local Privilege Escalation in Windows
Impact A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if all the following are satisfied: The user runs an application containing either...
GHSA-HRFH-7J5F-8CCR Pivotal RabbitMQ is vulnerable to a denial of service attack
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be...
Python 2.7.x < 2.7.17, 3.5.x < 3.5.7, 3.6.x < 3.6.9, 3.7.x < 3.7.3 Information Disclosure Vulnerability (bpo-36216) - Windows
Python is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
Security Bulletin: Denial of service vulnerability affecting Aspera Connect 3.7 or 3.8
Summary A vulnerability, if exploited, could disable or impair the use of certain versions of Aspera Connect. UPDATE 12/9/2019: The certificate for local.connectme.us has been revoked, as a result, Aspera Connect 3.7 and 3.8 no longer function on Firefox and Safari. The web application integrated...
CVE-2019-14879
A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked where applicable...
CVE-2019-13657
CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security...
WordPress 3.7.x < 3.7.31 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in Customizer. - An unspecified issue which could lead to disclosure of unauthenticated posts. - A cross-site scripting (XSS)...
WordPress 3.7.x < 3.7.26 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - Localhost is treated as same host by default. - Unsafe redirects are used when redirecting the login page if SSL is forced. - The version string is not correctly escaped f...
Joomla! 3.7.x < 3.8.4 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities: - The XSS vulnerability in module chromes as noted in the 20180101 announcement affects 3.0.0 through 3.8.3. CVE-2018-6380 - The XSS vulnerability in comfields as noted in the...
Puppet Enterprise console session vulnerability
Puppet is a set of configuration management tools based on a client/server (C/S) architecture from Puppet Labs in the U.S. It can be used to manage configuration files, users, cron tasks, packages, system services, etc. Puppet Enterprise is the enterprise edition, and console is one of its management console tools. ...
Joomla! 3.7.x < 3.7.1 fields.php getListQuery() Method SQLi
According to its self-reported version number, the Joomla! installation running on the remote web server is 3.7.x prior to 3.7.1. It is, therefore, affected by a SQL injection vulnerability in the fields.php script due to improper sanitization of user-supplied input. An unauthenticated, remote...
CVE-2017-8917
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors...
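The three Joomla! 3.7.0 entries above (the fields.php getListQuery() SQLi and the two CVE-2017-8917 records) all describe the same defect class: a user-supplied value reaching the query builder without sanitization. The following Python example, added here and not taken from Joomla! or from any of the listed advisories, shows why that is dangerous specifically in an ORDER BY clause, which cannot be bound as a parameter, and how an allowlist closes it. The table, rows, column names and the ordering parameter are constructed for the example; the page does not name the actual Joomla! parameter, so no claim is made about it.

```python
import sqlite3

# Constructed sample table standing in for a Joomla-like "fields" listing.
SAMPLE_ROWS = [
    (1, "title", 1),
    (2, "email", 0),
    (3, "phone", 1),
]

# Allowlists used by the hardened version (assumption: these are the only
# columns/directions the listing is meant to sort by).
ALLOWED_ORDER_COLUMNS = {"id", "name", "state"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}


def _connect():
    """Fresh in-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE fields (id INTEGER, name TEXT, state INTEGER)")
    conn.executemany("INSERT INTO fields VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def list_query_vulnerable(ordering):
    """Flawed pattern: the caller-controlled ordering string is concatenated
    straight into ORDER BY. Bind parameters cannot be used for identifiers,
    so concatenation here is a genuine injection point."""
    return "SELECT id, name FROM fields WHERE state = 1 ORDER BY " + ordering


def list_query_hardened(ordering):
    """Allowlist both the column and the direction; anything else falls back
    to a safe default instead of reaching the SQL text."""
    parts = ordering.strip().split()
    column = parts[0] if parts else ""
    direction = parts[1].upper() if len(parts) > 1 else "ASC"
    if column not in ALLOWED_ORDER_COLUMNS or direction not in ALLOWED_DIRECTIONS:
        column, direction = "id", "ASC"
    return f"SELECT id, name FROM fields WHERE state = 1 ORDER BY {column} {direction}"


def run(query):
    """Execute a listing query against the sample data and return the rows."""
    conn = _connect()
    try:
        return conn.execute(query).fetchall()
    finally:
        conn.close()


# A blind-oracle payload: the sort key depends on a condition about another
# object in the database, so the attacker reads one bit from the row order.
# Here the condition (sqlite_master is non-empty) is true, so the vulnerable
# query sorts by name instead of id and the result order flips.
ORACLE_PAYLOAD = (
    "(CASE WHEN (SELECT count(*) FROM sqlite_master) > 0 THEN name ELSE id END)"
)


def demo():
    """Return the rows produced by both builders for a benign and a hostile
    ordering value, so the behavioural difference is visible side by side."""
    return {
        "vuln_benign": run(list_query_vulnerable("id ASC")),
        "vuln_payload": run(list_query_vulnerable(ORACLE_PAYLOAD)),
        "hard_benign": run(list_query_hardened("id DESC")),
        "hard_payload": run(list_query_hardened(ORACLE_PAYLOAD)),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The injected CASE expression never produces an error, which is what makes ORDER BY injection attractive for blind extraction: each request leaks one bit through which row comes first. With the hardened builder the same payload fails the allowlist and silently becomes the default ordering.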