6341 matches found
CVE-2026-32139
Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the root node is svg. It does not sanitize active content such as...
CVE-2026-32139
DataEase is an open-source data visualization tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. Backend validation only checks that the XML is parseable and that the root node is svg, and does not sanitize active content (e.g., onload/onerror event ha...
DataEase 跨站脚本漏洞
DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. DataEase versions 2.10.19 and earlier contained a cross-site scripting...
EUVD-2026-10907
Wisp Vulnerable to Path Traversal...
GHSA-H7CJ-J2VV-QW8R Wisp Vulnerable to Path Traversal
Summary wisp.servestatic is vulnerable to arbitrary file read via percent-encoded path traversal %2e%2e. The directory traversal sanitization runs before percent-decoding, allowing encoded .. sequences to bypass the filter. An unauthenticated attacker can read any file readable by the application...
Wisp Vulnerable to Path Traversal
Summary wisp.servestatic is vulnerable to arbitrary file read via percent-encoded path traversal %2e%2e. The directory traversal sanitization runs before percent-decoding, allowing encoded .. sequences to bypass the filter. An unauthenticated attacker can read any file readable by the application...
VulnCheck KEV: CVE-2025-52089
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges...
FP-Predictor - False Positive Prediction for Static Analysis Reports
Static Application Security Testing SAST tools play a vital role in modern software development by automatically detecting potential vulnerabilities in source code. However, their effectiveness is often limited by a high rate of false positives, which wastes developer's effort and undermines trus...
CVE-2026-28807
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...
CVE-2026-28807
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...
CVE-2026-28807
CVE-2026-28807 affects gleam-wisp wisp; path traversal in wisp.serve_static occurs because sanitization runs before percent-decoding, allowing %2e%2e to decode to .. and read any file the process can access. Affected versions are 2.1.1 <= wisp
CVE-2026-28807 Path Traversal in wisp.serve_static allows arbitrary file read
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...
CVE-2026-28807 Path Traversal in wisp.serve_static allows arbitrary file read
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...
CVE-2026-28807
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...
EEF-CVE-2026-28807 Path Traversal in wisp.serve_static allows arbitrary file read
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...
Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. CVE-2025-69224: Fixed unicode processing of header values could cause...
SUSE-SU-2026:0859-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: - CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. - CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. - CVE-2025-69224: Fixed unicode processing of header values could...
CVE-2026-3809
A flaw has been found in Tenda FH1202 1.2.0.14408. The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...
Wisp 安全漏洞
Wisp is a practical Gleam web framework developed under open source, designed for rapid development and easy maintenance. Versions of Wisp from 2.1.1 to 2.2.1 contained security vulnerabilities. These vulnerabilities were caused by a path traversal vulnerability in the wisp.servestatic function,...
PT-2026-24472
Name of the Vulnerable Software and Affected Versions gleam-wisp wisp versions 2.1.1 through 2.2.0 Description A path traversal issue exists in gleam-wisp wisp that allows arbitrary file reading through percent-encoded path traversal. The wisp.serve static function is susceptible because...