MaxKB 操作系统命令注入漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed from issues with the MCP node, a workflow engine,...

CVE-2026-27602

Modoboa contains an OS command injection vulnerability (CWE-like) due to exec_cmd paths using subprocess with shell=True and unsanitized domain/input values. In modoboa/lib/sysutils.py and related sinks (DKIM domain handling, mailbox rename, sa-learn, doveadm, rrdtool, webmail operations), domain...

CVE-2026-4739

Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK ‎Modules/ThirdParty/Expat/src/expat modules.This issue affects ITK: before 2.7.1...

CVE-2026-4739

Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK ‎Modules/ThirdParty/Expat/src/expat modules.This issue affects ITK: before 2.7.1...

EUVD-2026-11983

Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Food: from n/a through 2.7.1...

SFTPGo 路径遍历漏洞

SFTPGo is a fully functional and highly configurable SFTP server developed by the Italian developer Nicola Murino. Versions of SFTPGo prior to 2.7.1 contained a path traversal vulnerability, which was caused by improper validation of dynamic group paths. This vulnerability could lead to path...

GuardDog 路径遍历漏洞

GuardDog is a CLI tool in GuardDog open source that allows identifying malicious PyPI packages. A path traversal vulnerability exists in GuardDog versions prior to 2.7.1, which stems from the presence of path traversal in the safeextract function, which could lead to arbitrary file overwriting an...

Linux Distros Unpatched Vulnerability : CVE-2022-25887

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic ...

CVE-2024-47265

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vector...

Tracks 安全漏洞

Tracks is an open source GTD-compatible web application built with Ruby on Rails by TracksApp. A security vulnerability exists in Tracks versions prior to 2.7.1. An attacker exploited the vulnerability to execute malicious JavaScript in a user's browser environment, which could lead to a credenti...

Apache Airflow 信息泄露漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An information disclosure vulnerability exists in Apache Airflow versions prior to...

SUSE CVE-2022-43755

A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1...

Wordpress Plugin WPLegalPages 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

Prometheus Cross-Site Scripting Vulnerability

Prometheus is open source software written in the Go language for recording real-time metrics from time-series databases built using the HTTP pull model. A cross-site scripting vulnerability exists in Prometheus versions prior to 2.7.1 that stems from a lack of proper validation of client-side da...

PT-2017-14610

Name of the Vulnerable Software and Affected Versions PJSIP versions prior to 2.7.1 Description An issue was discovered in the ioqueue component of Teluu pjproject pjlib and pjlib-util in PJSIP. The ioqueue component may issue a double key unregistration after an attacker initiates a socket...