4594 matches found
CVE-2026-26097
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...
CVE-2026-26099
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...
CVE-2026-26099
Owl opds 2.2.0.4 contains an Uncontrolled Search Path Element vulnerability. The issue allows manipulating configuration file search paths via a crafted network request, indicating potential impact on confidentiality, integrity, and availability as described by the CVSS metrics (base score 8.4, H...
CVE-2026-26098
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...
CVE-2026-26098 Uncontrolled Search Path Element in Owl opds
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...
CVE-2026-26098 Uncontrolled Search Path Element in Owl opds
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...
CVE-2026-26098
The CVE-2026-26098 entry concerns Owl opds version 2.2.0.4 and is caused by an Uncontrolled Search Path Element. The issue permits manipulation of configuration file search paths via a crafted network request, indicating local attack vector with high impact on confidentiality and integrity, and h...
CVE-2026-26097
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...
CVE-2026-26097 Uncontrolled Search Path Element in Owl opds
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...
CVE-2026-26097 Uncontrolled Search Path Element in Owl opds
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...
CVE-2026-26097
Owl opds 2.2.0.4 is affected by CVE-2026-26097, which concerns an Uncontrolled Search Path Element that can leverage/manipulate configuration file search paths via a crafted network request. The CVSS metrics indicate a HIGH impact across confidentiality, integrity, and availability, with a LOCAL ...
Owl Cyber Defense OPDS 代码问题漏洞
Owl Cyber Defense OPDS is a network isolation device developed by Owl Cyber Defense Corporation in the United States. Version 2.2.0.4 of Owl Cyber Defense OPDS contains a code vulnerability; this vulnerability stems from an uncontrolled search path element, which may lead to the exploitation of t...
PT-2026-21264
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...
CVE-2019-25365
ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious configuration file with carefully constructed payload to overwrite memory...
CVE-2019-25358
FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite the TempDirectory parameter with a 5000-character buffer to cause the application to crash when...
pretix unsafely evaluates variables in emails
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: - It was possible to exfiltrate informati...
GHSA-R8P8-QW9W-J9QV pretix unsafely evaluates variables in emails
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: - It was possible to exfiltrate informati...
EUVD-2026-6095
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...
CVE-2026-2452
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...
CVE-2026-2452
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...