PT-2026-4961

improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire 548.This issue affects SkyFire 548: before 5.4.8-stable5...

GHSA-XPQM-WM3M-F34H pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin

Summary A path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal sequences like ../../ remain intact. Details Th...

CVE-2026-20750

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization. Mitigation Mitigation for this issue is either not available or the currently available...

CVE-2025-70368

Worklenz version 2.1.5 contains a Stored Cross-Site Scripting XSS vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...

Apache Continuum vulnerable to Command Injection through Installations REST API

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the Installations REST API can use this to invoke arbitrary commands on the...

GHSA-77P9-W6PJ-RMVG Apache Continuum vulnerable to Command Injection through Installations REST API

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the Installations REST API can use this to invoke arbitrary commands on the...

CVE-2016-15057

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installations REST API can use this to invoke arbitrary commands on the...

CVE-2016-15057

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installations REST API can use this to invoke arbitrary commands on the...

CVE-2016-15057 Apache Continuum: Command injection leading to RCE

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installations REST API can use this to invoke arbitrary commands on the...

CVE-2016-15057

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installations REST API can use this to invoke arbitrary commands on the...

CVE-2016-15057 Apache Continuum: Command injection leading to RCE

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installations REST API can use this to invoke arbitrary commands on the...

EUVD-2016-10802

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installations REST API can use this to invoke arbitrary commands on the...

CVE-2016-15057

Apache Continuum is affected by a command injection vulnerability due to improper neutralization of special elements in commands. Affected component: Installations REST API (REST API access can be used to invoke arbitrary commands on the server). Impact: potential remote code execution with high ...

CVE-2025-70368

Worklenz version 2.1.5 contains a Stored Cross-Site Scripting XSS vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...

PT-2026-4804

Name of the Vulnerable Software and Affected Versions Worklenz version 2.1.5 Description Worklenz version 2.1.5 has a Stored Cross-Site Scripting XSS issue in the Project Updates feature. An attacker can inject a malicious payload into the Updates text field. This payload is then displayed in the...

EUVD-2025-206349

Worklenz version 2.1.5 contains a Stored Cross-Site Scripting XSS vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...

CVE-2025-70368

Worklenz version 2.1.5 contains a Stored Cross-Site Scripting XSS vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...

CVE-2025-70368

Worklenz version 2.1.5 contains a Stored Cross-Site Scripting XSS vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...

PT-2026-4853

A flaw has been found in Totolink A8000RU 7.1cu.643 b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes os command injection. The attack is possible to be carried out remotely. The...

Worklenz security vulnerabilities

Worklenz is a project management tool developed by Worklenz as open source. Version 2.1.5 of Worklenz contains a security vulnerability, which stems from improper input handling during project updates. This vulnerability may lead to storage-based cross-site scripting attacks...