16 matches found
CVE-2026-25228
Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary files and directories on the filesystem. The...
CVE-2025-10279
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...
CVE-2026-25228
Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary files and directories on the filesystem. The...
mlflow Creation of Temporary File in Directory with Insecure Permissions
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...
PT-2026-5731
Name of the Vulnerable Software and Affected Versions: SignalK Server versions prior to 2.20.3 Description: SignalK Server contains a path traversal issue in the applicationData API. Authenticated users on Windows systems can potentially read, write, and list arbitrary files and directories on the...
EUVD-2024-36504
Malicious code in bioql PyPI...
PT-2024-27383 · Unknown · Transition Slider
Name of the Vulnerable Software and Affected Versions: Transition Slider – Responsive Image Slider and Gallery versions n/a through 2.20.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stor...
GHSA-7CWQ-P8CR-H9QG Buttercup allows attackers to obtain the hash of the master password
Buttercup allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/. This affects the Buttercup app up to version 2.20.3...
Buttercup allows attackers to obtain the hash of the master password
Buttercup allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/. This affects the Buttercup app up to version 2.20.3...
Domain Name Relay Daemon Security Vulnerability
Domain Name Relay Daemon (DNRD) is an open source caching, forwarding DNS proxy server hosted on SourceForge. A security vulnerability exists in DNRD (Domain Name Relay Daemon) version 2.20.3, which stems from a domain name and its associated IP address being cached in its misinterpreted form, where the...
openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2018:3473-1)
The remote host is missing an update for the ... Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2018:2285-1)
The remote host is missing an update for the ... Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
CVE-2018-8041
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal...
Updated webkit2 packages fix security vulnerability
The webkit2 package has been updated to version 2.20.3, fixing several security issues and other bugs...
AbleDesign MyCalendar 2.20.3 - index.php Multiple Cross-Site Scripting Vulnerabilities
AbleDesign MyCalendar 2.20.3 - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/22635/info MyCalendar is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage thes...
AbleDesign MyCalendar 2.20.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/22635/info MyCalendar is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...