56 matches found
SUSE-SU-2026:1820-1 Security update for python-Mako
This update for python-Mako fixes the following issue: - CVE-2026-41205: Prior to 1.3.11, TemplateLookup.get_template is vulnerable to path traversal bsc1262716...
OPENSUSE-SU-2026:20645-1 Security update for python-Mako
This update for python-Mako fixes the following issue: - CVE-2026-41205: Prior to 1.3.11, TemplateLookup.get_template is vulnerable to path traversal bsc1262716...
CVE-2026-41205
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...
PYSEC-2026-88
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...
PYSEC-2026-88
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...
CVE-2026-41205
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...
CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...
CVE-2026-41205
Mako (Python) prior to 1.3.11 is affected by a path traversal vulnerability in TemplateLookup.get_template() when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash‑stripping implementations. If an application passes untrusted input directly t...
CVE-2026-41205
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...
CVE-2026-41205
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...
PT-2026-34725
Name of the Vulnerable Software and Affected Versions: Mako versions prior to 1.3.11. Description: Mako is a template library written in Python. The get_template function within TemplateLookup is susceptible to path traversal when a URI begins with //. This occurs due to an inconsistency between two...
CVE-2019-25703
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL...
CVE-2019-25703 ImpressCMS 1.3.11 SQL Injection via bid Parameter
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL...
ImpressCMS SQL Injection Vulnerability
ImpressCMS is a modular content management system (CMS) based on MySQL, developed by ImpressCMS Inc. This system includes modules for news publishing, forums, and photo albums. Version 1.3.11 of ImpressCMS has a SQL injection vulnerability, which stems from insufficient input validation for the bid...
EUVD-2026-9747
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Sounder sounder allows PHP Local File Inclusion. This issue affects Sounder: from n/a through <= 1.3.11...
CVE-2026-28092
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Sounder sounder allows PHP Local File Inclusion. This issue affects Sounder: from n/a through <= 1.3.11...
CVE-2026-28092 WordPress Sounder theme <= 1.3.11 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Sounder sounder allows PHP Local File Inclusion. This issue affects Sounder: from n/a through <= 1.3.11...
PT-2026-23367
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Sounder sounder allows PHP Local File Inclusion. This issue affects Sounder: from n/a through <= 1.3.11...
CVE-2026-25577
Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmettcore.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause...
CVE-2026-25577 Emmett has an Unhandled CookieError Exception Causing Denial of Service
Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmettcore.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause...