7 matches found
CVE-2026-39418
CVE-2026-39418 MaxKB is affected in versions ≤ 2.7.1 where the sandbox’s network protection can be bypassed. An authenticated user with tool-editing permissions can reach internal services blocked by the sandbox by using socket.sendto() with the MSG_FASTOPEN flag. MaxKB’s sandbox relies on LD_PRE...
PT-2026-2804
Name of the Vulnerable Software and Affected Versions GuardDog versions prior to 2.7.1 Description GuardDog, a CLI tool for identifying malicious PyPI packages, contains a flaw in its safe extract function. This function does not validate the size of decompressed files when handling ZIP archives,...
GO-2025-4085 Zitadel allows brute-forcing authentication factors in github.com/zitadel/zitadel
Zitadel allows brute-forcing authentication factors in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
CVE-2023-5577
The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
SUSE CVE-2022-23578
Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item-kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...
WordPress plugin JS Help Desk 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress plugin...
Lfi-ProcessWire Cms 路径遍历漏洞
Ryan Cramer Design Lfi-ProcessWire Cms is a free Content Management System Cms and Framework Cmf from Ryan Cramer Design USA designed to save you time and work the way you want. A path traversal vulnerability exists in Ryan Cramer Design Lfi-ProcessWire Cms versions prior to 2.7.1, which stems fr...