11 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-41238
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS...
CVE-2025-10279
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...
CVE-2025-10279
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...
PT-2026-5652
Name of the Vulnerable Software and Affected Versions mlflow versions prior to 3.4.0 Description A flaw exists in mlflow version 2.20.3 where the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This allows an attacker with...
CVE-2025-66645 NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...
CVE-2025-66470 NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are subject to a XSS vulnerability through the ui.interactiveimage component of NiceGUI. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or...
PT-2025-49682
Name of the Vulnerable Software and Affected Versions NiceGUI versions 3.3.1 and below Description NiceGUI, a Python-based UI framework, has an issue where the ui.interactive image component can be exploited for cross-site scripting XSS. The component renders Scalable Vector Graphics SVG content...
WordPress Gutenberg Blocks – PublishPress Blocks Controls, Visibility, Reusable Blocks plugin <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Gutenberg Blocks versions = 3.3.4...
Linux Distros Unpatched Vulnerability : CVE-2022-20001
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository...
SUSE CVE-2022-20001
fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing...
OESA-2022-1689 fish security update
fish is a fully-equipped command line shell like bash or zsh that is smart and user-friendly. fish supports powerful features like syntax highlighting, autosuggestions, and tab completions that just work, with nothing to learn or configure. Security Fixes: fish is a command line shell. fish versi...