Lucene search
K

7 matches found

PyPA
PyPA
added 2026/05/28 4:16 p.m.110 views

PYSEC-2026-192

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/04/07 6:19 a.m.18 views

CVE-2026-1114

CVE-2026-1114 affects parisneo/lollms 2.1.0. The issue is an improper access control flaw caused by signing JWTs with a weak secret key, enabling an offline brute‑force to recover the key. With the cracked secret, an attacker can forge administrative tokens, modify the JWT payload, and resigns to...

9.8CVSS7.2AI score0.0054EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/03/31 8:16 p.m.23 views

CVE-2026-34365

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the estimate Notes field...

8.1CVSS0.00245EPSS
Exploits1References2
OSV
OSV
added 2025/11/07 5:16 a.m.8 views

AZL-69973 CVE-2025-64329 affecting package moby-containerd for versions less than 1.6.26-13

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...

6.9CVSS7.2AI score0.00162EPSS
Exploits1References1
OSV
OSV
added 2025/11/06 7:15 p.m.9 views

AZL-69815 CVE-2024-25621 affecting package moby-containerd-cc for versions less than 1.7.7-13

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...

7.8CVSS6.6AI score0.00159EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/06/21 12:0 a.m.15 views

WordPress WP Job Manager - Resume Manager Plugin <= 2.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Job Manager - Resume Manager Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.2.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37241 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 90dee78eac8d Credits Raf...

7AI score0.00199EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/02/16 7:15 p.m.6 views

AZL-13606 CVE-2023-0475 affecting package terraform for versions less than 1.3.2-22

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

6.5CVSS6.5AI score0.00454EPSS
Exploits0References1
Rows per page
Query Builder