PT-2026-37337
Name of the Vulnerable Software and Affected Versions: vm2 versions prior to 3.11.1. Description: When a NodeVM is created with the nesting variable set to true, sandbox code can unconditionally use require('vm2') regardless of the outer VM's require configuration, including when require is set to...
CVE-2026-40258 Gramps Web API has Zip Slip Path Traversal in Media Archive Import
The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability (Zip Slip) in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...
PT-2026-31028
Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can be bypassed by a client which...
CVE-2023-6690
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed i...
WordPress Easy Appointments Plugin <= 3.10.7 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Appointments. Type: Plugin. Vulnerable versions: <= 3.10.7. Fixed in: 3.11.1. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2023-30748. Patch priority: Low. CVSS severity: Low (5.9). PSID: 10936713e96a. Credits: István Márton...