Linux Distros Unpatched Vulnerability : CVE-2026-44307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory...

SUSE CVE-2026-44307

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

CVE-2026-44307

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

UBUNTU-CVE-2026-44307

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

CVE-2026-44307 Mako: Path traversal via backslash URI on Windows in TemplateLookup

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

CVE-2026-44307

CVE-2026-44307 describes a Windows-specific path traversal in the Mako template library prior to 1.3.12. A URI using backslash traversal (for example, \..\..\secret.txt) bypasses the directory traversal check in Template.__init__ and the posixpath-based normalization in TemplateLookup.get_templat...

CVE-2026-44307

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

CVE-2026-44307 Mako: Path traversal via backslash URI on Windows in TemplateLookup

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

mako 路径遍历漏洞

Mako is an open-source template library written in Python by SQLAlchemy. It offers a familiar non-XML syntax, which can be compiled into Python modules for optimal performance. Prior to Mako 1.3.12, there was a path traversal vulnerability. This vulnerability stemmed from a bypass of directory...

EUVD-2026-15791

Deserialization of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injection.This issue affects Love Story: from n/a through = 1.3.12...

CVE-2026-27082

Deserialization of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injection.This issue affects Love Story: from n/a through = 1.3.12...

WordPress Love Story theme <= 1.3.12 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Love Story versions = 1.3.12...

📄 yuan1994 tpadmin Shell Upload

yuan1994 tpadmin versions up to 1.3.12 suffers from a remote shell upload vulnerability. tpadmin-CVE-2026-2113-poc A proof-of-concept exploiting a Remote Code Execution with web server privileges via Arbitrary File Upload. Vulnerability Description A critical Remote Code Execution vulnerability...

CVE-2026-2113 yuan1994 tpadmin WebUploader preview.php deserialization

A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...

CVE-2026-2113

A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...

PT-2026-6920

Name of the Vulnerable Software and Affected Versions yuan1994 tpadmin versions up to 1.3.12 Description A security issue exists in yuan1994 tpadmin up to version 1.3.12. The issue is related to deserialization within the WebUploader component, specifically in the file...

tpAdmin 代码问题漏洞

tpAdmin is a management backend developed by Ethan as an individual developer, based on ThinkPHP5. Versions of tpadmin 1.3.12 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations with the library...

PT-2026-1599

Name of the Vulnerable Software and Affected Versions Optional Email versions prior to 1.3.12 Description The Optional Email plugin for WordPress is susceptible to a privilege escalation issue leading to account takeover. This occurs because the plugin does not limit the 'random password' filter ...

EUVD-2025-204156

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Basil basil allows PHP Local File Inclusion.This issue affects Basil: from n/a through = 1.3.12...

CVE-2025-58940

CVE-2025-58940 describes a Local File Inclusion vulnerability in the WordPress Basil theme, caused by improper control of the filename for include/require statements in PHP. The affected product is the Basil WordPress theme, version range from unknown/n-a up to and including 1.3.12. The issue is ...