Lucene search
K

6 matches found

CVE
CVE
added 2026/06/24 7:17 p.m.16 views

CVE-2026-23879

CVE-2026-23879 relates to py7zr, a Python library for 7z archives. Versions ≤1.1.2 contain an arbitrary file write vulnerability in extractall, where crafted symbolic link chains can bypass destination-directory checks and re-create links to arbitrary system paths. This allows writing files via s...

8CVSS6.2AI score0.00404EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-45370

python-utcp is the python implementation of UTCP. Prior to 1.1.3, prepareenvironment in clicommunicationprotocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single tool call. This...

7.7CVSS5.5AI score0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 8:14 p.m.11 views

CVE-2026-45369 python-utcp: Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix o...

8.3CVSS5.9AI score0.00272EPSS
Exploits0References1
CVE
CVE
added 2026/02/21 12:1 a.m.19 views

CVE-2026-27189

OpenSift: A race-prone local persistence issue in versions ≤ 1.1.2-alpha due to non-atomic and insufficiently synchronized JSON persistence flows. This can cause concurrent operations to lose updates or corrupt local state across sessions (study/quiz/flashcard/wellness/auth stores). The vulnerabi...

6.6CVSS5.5AI score0.00112EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2025/09/06 12:12 a.m.5 views

WordPress aThemes Addons for Elementor Lite plugin <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by zer0gh0st in WordPress Plugin aThemes Addons for Elementor versions = 1.1.2...

6.4CVSS5.5AI score0.00216EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/05/24 5:7 p.m.1 views

GHSA-XG77-XQHQ-CRPR Stored XSS vulnerability in Code Coverage API Plugin

Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view. This results in a stored cross-site scripting vulnerability that can be exploited by users able to change the job configuration. Code Coverage API Plugin 1.1.3 escapes the filename of...

5.4CVSS5.9AI score0.00735EPSS
Exploits0References5
Rows per page
Query Builder