Gradio - Absolute Path Traversal

Gradio 6.7 on Windows with Python 3.13+ contains an absolute path traversal caused by incorrect path validation in path joining logic, letting unauthenticated attackers read arbitrary files from the server. id: CVE-2026-28414 info: name: Gradio - Absolute Path Traversal author: 0xAkoko severity:...

VulnCheck KEV: CVE-2026-28414

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...

PYSEC-2026-64

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...

CVE-2026-28414

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...

01os (>=0.0.5 <=0.0.13), 3m (>=0.1.0 <=0.1.3) +2331 more potentially affected by CVE-2026-27025 via pypdf (>=3.10.0 <=6.7.0)

pypdf PYPI version =3.10.0, =0.0.5, =0.1.0, =0.4.1, =0.2.5, =0.0.2, =0.2.0, =1.2.27, =0.1.0, =1.2.32, =0.1.1, =1.0.0, =2.0.0 and more Source cves: CVE-2026-27025 Source advisory: OSV:GHSA-WGVP-VG3V-2XQ3...

CVE-2026-23796 Session Fixation in Quick.Cart

Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

CVE-2026-23797 Plaintext password display in Quick.Cart

In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...

CVE-2025-69180 WordPress Ultra Portfolio plugin <= 6.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Blind SQL Injection.This issue affects Ultra Portfolio: from n/a through = 6.7...

CVE-2025-67684

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code,...

CVE-2025-67683

CVE-2025-67683 (Quick.Cart) is a reflected XSS vulnerability caused by the sSort parameter. The issue allows an attacker to craft a URL that, when opened by a victim, executes arbitrary JavaScript in the browser. Public references in the provided documents indicate that only version 6.7 was teste...

CVE-2021-22512

Cross-Site Request Forgery CSRF vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks...

CVE-2021-22513

Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks...

CVE-2024-58308

Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system...

CVE-2024-58308

Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system...

PT-2025-50760

Name of the Vulnerable Software and Affected Versions Quick.CMS version 6.7 Description The software contains a SQL injection flaw that allows unauthenticated attackers to bypass login authentication. Attackers can manipulate the login form with SQL payloads, such as ' or '1'='1, to gain...

CiviCRM 安全漏洞

CiviCRM is an open source, cloud-based member relationship management CRM system developed specifically to meet the needs of nonprofit and association-based organizations. A security vulnerability exists in CiviCRM versions prior to 6.7 that stems from the Accounting Batches field being vulnerabl...

EUVD-2019-13119

Malware in sbrugna...

EUVD-2015-5225

Malware in sbrugna...

EUVD-2020-25220

Malware in sbrugna...

EUVD-2008-2265

Malware in sbrugna...