7 matches found
Security Bulletin:Safe Join Function Vulnerability Fixed in Werkzeug v3.1.6
Summary Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fac...
CVE-2026-25359
Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection.This issue affects Pendulum: from n/a through 3.1.5...
CVE-2026-21287
CVE-2026-21287 affects Substance3D Stager
CVE-2025-61835 Substance3D - Stager | Integer Underflow (Wrap or Wraparound) (CWE-191)
Substance3D - Stager versions 3.1.5 and earlier are affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-61834
Adobe Substance3D Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability (CVE-2025-61834) that could allow arbitrary code execution in the context of the current user and requires the victim to open a malicious file. The connected Nessus advisory APSB25-113 references ad...
EUVD-2025-28109
Malicious code in bioql PyPI...
PT-2024-34198 · Unknown · Templately
Name of the Vulnerable Software and Affected Versions: Templately versions 3.1.5 and earlier Description: The issue is related to a Missing Authorization vulnerability in Templately, which allows exploitation due to incorrectly configured access control security levels. Recommendations: For...