12 matches found
PYSEC-2026-309 ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function
The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2026-12089
The vulnerability CVE-2026-12089 affects the WordPress plugin “LWS Optimize – All-in-One Speed Booster & Cache Tools” up to version 3.3.19. The root cause is in the combine_current_css() function, which trusts href values harvested from page HTML and converts same-site URLs to absolute filesyste...
CVE-2026-22739 Spring Cloud Config Profile Substitution Can Allow Unintended Access To Files And Enable SSRF Attacks
Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories.This issue affects Spring Cloud: from...
CVE-2022-31549
The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
EUVD-2007-1083
Malware in sbrugna...
UBUNTU-CVE-2023-29403
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...
CVE-2022-31544
The meerstein/rbtm repository through 1.5 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31518
The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Design/Logic Flaw
Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access."...
CVE-2007-1086
Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access."...
CVE-2007-1086
Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access."...
CVE-2007-1086
IBM DB2 vulnerable components: 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2. Local users can create or modify arbitrary files via unsafe file access controlled by unspecified environment variables. Root cause: environment-variable handling allows file writes. Impact is limited to local atta...