7 matches found
PYSEC-2026-192
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...
CVE-2026-1114
CVE-2026-1114 affects parisneo/lollms 2.1.0. The issue is an improper access control flaw caused by signing JWTs with a weak secret key, enabling an offline brute‑force to recover the key. With the cracked secret, an attacker can forge administrative tokens, modify the JWT payload, and resigns to...
CVE-2026-34365
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the estimate Notes field...
AZL-69973 CVE-2025-64329 affecting package moby-containerd for versions less than 1.6.26-13
containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...
AZL-69815 CVE-2024-25621 affecting package moby-containerd-cc for versions less than 1.7.7-13
containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...
WordPress WP Job Manager - Resume Manager Plugin <= 2.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Job Manager - Resume Manager Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.2.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37241 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 90dee78eac8d Credits Raf...
AZL-13606 CVE-2023-0475 affecting package terraform for versions less than 1.3.2-22
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...