
21 matches found

AstraLinux
added 2026/05/03 11:59 p.m. · 2 views

Astra Linux - vulnerability in requests

Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This issue arises due to the way we use rebuild_proxies to reattach the Proxy-Authorization header to requests. For HTTP connections...

CVSS 6.1 · AI score 6.4 · EPSS 0.05933
Exploits 1 · References 2

RedhatCVE
added 2026/03/26 3:18 p.m. · 2 views

CVE-2026-32394

Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Capabilities: from n/a through <= 2.31.0...

CVSS 4.3 · AI score 5.8 · EPSS 0.00037
Exploits 0 · References 1

EUVD
added 2026/03/13 9:31 p.m. · 1 view

EUVD-2026-11907

Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Capabilities: from n/a through <= 2.31.0...

AI score 5.8 · EPSS 0.00037
Exploits 0 · References 2

ATTACKERKB
added 2026/03/13 11:42 a.m. · 1 view

CVE-2026-32394

Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Capabilities: from n/a through <= 2.31.0...

AI score 5.8 · EPSS 0.00037
Exploits 0 · References 2

CVE
added 2026/03/13 11:42 a.m. · 3 views

CVE-2026-32394

The CVE-2026-32394 entry concerns the WordPress PublishPress Capabilities plugin (capability-manager-enhanced) with a Broken Access Control/Missing Authorization issue. Affected component: PublishPress Capabilities, versions up to and including 2.31.0. Root cause: incorrectly configured access co...

CVSS 4.3 · AI score 5.8 · EPSS 0.00037
Exploits 0 · References 1

CNNVD
added 2026/02/26 12:00 a.m. · 4 views

ZITADEL security vulnerability

ZITADEL is a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, developed for the era of containers and serverless environments by ZITADEL in Switzerland. There were security vulnerabilities in versions of ZITADEL between 2.31.0 and 3.4.7, as well as in version...

CVSS 4.3 · AI score 7.3 · EPSS 0.00022
Exploits 0 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-0160

Malware in sbrugna...

CVSS 10 · AI score 8.9 · EPSS 0.00466
Exploits 0 · References 8

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2024-2724

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 6.3 · EPSS 0.00803
Exploits 1 · References 6

RedhatCVE
added 2025/05/23 10:37 a.m. · 3 views

CVE-2024-47536

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixed in 2.31.0...

CVSS 4.8 · AI score 5.8 · EPSS 0.00803
Exploits 1

Exploit DB
added 2025/04/11 12:00 a.m. · 347 views

WebFileSys 2.31.0 - Directory Path Traversal

Exploit Title: WebFileSys 2.31.0 - Directory Path Traversal in relPath Parameter
Date: Nov 25, 2024
Exploit Author: Korn Chaisuwan, Charanin Thongudom, Pongtorn Angsuchotmetee
Vendor Homepage: http://www.webfilesys.de/webfilesys-home/index.html
Software Link:...

CVSS 5.3 · AI score 7 · EPSS 0.05438
Exploits 3

NVD
added 2025/02/06 10:15 p.m. · 8 views

CVE-2024-53586

An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing...

CVSS 5.3 · EPSS 0.05438
Exploits 3 · References 1

CNNVD
added 2025/02/06 12:00 a.m. · 1 view

WebFileSys security vulnerability

WebFileSys is a Web-based multi-user file manager written in Java from WebFileSys, Inc. A security vulnerability exists in WebFileSys version 2.31.0, which stems from a problem with the relPath parameter that allows an attacker to perform directory traversal via a crafted HTTP request...

CVSS 5.3 · AI score 5.4 · EPSS 0.05438
Exploits 3 · References 2

Positive Technologies
added 2025/01/14 12:00 a.m. · 2 views

PT-2025-1789 · Siteorigin · The Page Builder By Siteorigin

Name of the Vulnerable Software and Affected Versions: The Page Builder by SiteOrigin plugin for WordPress versions up to, and including, 2.31.0 Description: The issue is related to Stored Cross-Site Scripting via the row label parameter due to insufficient input sanitization and output escaping...

CVSS 6.4 · AI score 7.9 · EPSS 0.0031
Exploits 0 · References 8

CVE
added 2024/09/30 5:09 p.m. · 54 views

CVE-2024-47536

Citizen is a MediaWiki skin where a vulnerability allows a user with the editmyprivateinfo right (or someone who can modify their own name) to inject XSS by setting the real name to a payload. Affected components: Citizen skin and related user-info handling in includes/Components/CitizenComponent...

CVSS 5.4 · AI score 5.7 · EPSS 0.00803
Exploits 1 · References 4 · Affected Software 1

Tenable Nessus
added 2024/01/16 12:00 a.m. · 22 views

EulerOS Virtualization 2.9.0 : python-pip (EulerOS-SA-2023-2995)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination server...

CVSS 6.1 · AI score 7 · EPSS 0.05933
Exploits 1 · References 2

Tenable Nessus
added 2024/01/16 12:00 a.m. · 10 views

EulerOS Virtualization 2.11.0 : python-requests (EulerOS-SA-2023-2772)

According to the versions of the python-requests package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination...

CVSS 6.1 · AI score 7 · EPSS 0.05933
Exploits 1 · References 2

Tenable Nessus
added 2023/11/14 12:00 a.m. · 10 views

RHEL 8 : python27:2.7 (RHSA-2023:7042)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7042 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types...

CVSS 6.1 · AI score 7.3 · EPSS 0.05933
Exploits 1 · References 15

OpenVAS
added 2023/08/08 12:00 a.m. · 9 views

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2023-2626)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.1 · AI score 7 · EPSS 0.05933
Exploits 1 · References 2

Tenable Nessus
added 2023/08/08 12:00 a.m. · 15 views

EulerOS 2.0 SP9 : python-pip (EulerOS-SA-2023-2596)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirect...

CVSS 6.1 · AI score 7.1 · EPSS 0.05933
Exploits 1 · References 2

OSV
added 2023/05/26 6:15 p.m. · 0 views

UBUNTU-CVE-2023-32681

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuild_proxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent...

CVSS 6.1 · AI score 6.7 · EPSS 0.05933
Exploits 1 · References 7