CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

222 matches found

Amazon•added 2026/06/08 12:0 a.m.•6 views

Medium: python-mako

Issue Overview: Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the...

8.7CVSS5.4AI score0.00361EPSS

Exploits0

Tenable Nessus•added 2026/06/08 12:0 a.m.•8 views

Amazon Linux 2 : python-mako, --advisory ALAS2-2026-3333 (ALAS-2026-3333)

The version of python-mako installed on the remote host is prior to 0.8.1-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3333 advisory. Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when ...

8.7CVSS5.5AI score0.00361EPSS

Exploits0References4

RedhatCVE•added 2026/06/05 7:11 p.m.•9 views

CVE-2026-44307

A flaw was found in Mako, a Python template library. A remote attacker could exploit a directory traversal vulnerability by crafting a Uniform Resource Identifier URI with backslash traversal. This bypasses security checks, allowing the attacker to read files outside the intended template...

8.7CVSS5.3AI score0.00609EPSS

Exploits1References7

Vulnrichment•added 2026/06/04 2:17 p.m.•8 views

CVE-2026-41065 Tautulli Vulnerable to Unauthenticated/Authenticated Remote Code Execution via Newsletter Custom Template Directory

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via the newsletter custom template directory feature. On a fresh install before the setup wizard is completed, all management endpoints are completely...

9.3CVSS6.5AI score0.00434EPSS

Exploits0References2

CVE•added 2026/06/04 2:17 p.m.•9 views

CVE-2026-41065

Tautulli versions prior to 2.17.1 are vulnerable to unauthenticated/authenticated remote code execution via the newsletter custom template directory feature. On a fresh install (before setup wizard completion) or on an installed system with credentials, an attacker can create a newsletter agent a...

9.3CVSS6.5AI score0.00434EPSS

Exploits0References2

Cvelist•added 2026/06/04 2:17 p.m.•34 views

CVE-2026-41065 Tautulli Vulnerable to Unauthenticated/Authenticated Remote Code Execution via Newsletter Custom Template Directory

9.3CVSS0.00434EPSS

Exploits0References2

Positive Technologies•added 2026/06/04 12:0 a.m.•10 views

PT-2026-46248

9.3CVSS6.5AI score0.00434EPSS

Exploits0References3

IBM Security Bulletins•added 2026/05/31 4:47 p.m.•12 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in mako (CVE-2026-41205)

Summary A vulnerability in the Mako Templates library CVE-2026-41205 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the component to version 1.3.11. Vulnerability Details CVEID:CVE-2026-41205 DESCRIPTION: Mako is a template library written in Python. Prior to 1.3.11,...

8.7CVSS5.7AI score0.00361EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/27 4:3 p.m.•19 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.

Summary Maximo AI Service uses path-to-regexp-0.1.12.tgz, mlflow-3.9.0rc0-py3-none-any.whl, lodash-4.17.23.tgz, tomcat-embed-core-10.1.53.jar, spring-security-config-6.5.9.jar, Mako-1.3.8-py3-none-any.whl, uuid-11.1.0.tgz, spring-boot-3.5.13.jar, mako-1.3.11-py3-none-any.whl and...

8.7CVSS7.5AI score0.01895EPSS

Exploits7Affected Software1

GithubExploit•added 2026/05/20 2:59 p.m.•67 views

dependabot-pip-mako-case-poc

Dependabot pip-updater: case-sensitive advisory name match Po...

8.7CVSS5.8AI score0.00609EPSS

Exploits1

Tenable Nessus•added 2026/05/16 12:0 a.m.•8 views

SUSE SLED15 / SLES15 Security Update : python-Mako (SUSE-SU-2026:1819-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1819-1 advisory. This update for python-Mako fixes the following issue: - CVE-2026-41205: Prior to 1.3.11, TemplateLookup.gettemplate is...

8.7CVSS5.8AI score0.00361EPSS

Exploits0References4

Tenable Nessus•added 2026/05/16 12:0 a.m.•5 views

SUSE SLES15 Security Update : python-Mako (SUSE-SU-2026:1820-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1820-1 advisory. This update for python-Mako fixes the following issue: - CVE-2026-41205: Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path...

8.7CVSS5.9AI score0.00361EPSS

Exploits0References4

Tenable Nessus•added 2026/05/14 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-44307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory...

8.7CVSS5.5AI score0.00609EPSS

Exploits1References2

SUSE CVE•added 2026/05/13 2:21 p.m.•7 views

SUSE CVE-2026-44307

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS5.8AI score0.00609EPSS

Exploits1References3