EUVD-2026-14984

Astro: Remote allowlist bypass via unanchored matchPathname wildcard...

CVE-2026-33769

Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for / wildcards is unanchored, so a pathname that...

CVE-2026-33769 Astro: Remote allowlist bypass via unanchored matchPathname wildcard

Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for / wildcards is unanchored, so a pathname that...

CVE-2025-54305

CVE-2025-54305 affects Thermo Fisher Torrent Suite Django application version 5.18.1. The LocalhostAuthMiddleware authenticates users as ionadmin when request.META[REMOTE_ADDR] is 127.0.0.1, 127.0.1.1, or ::1, allowing any user with local server access to bypass authentication. Documented impact ...

CVE-2025-54305

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application, LocalhostAuthMiddleware, authenticates users as ionadmin if the REMOTEADDR property in request.META is set to 127.0.0.1, to 127.0.1.1, or to ::1. Any user wit...

Thermo Fisher Torrent Suite Django application 安全漏洞

Thermo Fisher Torrent Suite Django application is a core software component of Thermo Fisher USA. A security vulnerability exists in Thermo Fisher Torrent Suite Django application version 5.18.1, which stems from improper path cleanup in the file upload feature and could lead to remote code...

Thermo Fisher Torrent Suite Django application 安全漏洞

Thermo Fisher Torrent Suite Django application is a core software component of Thermo Fisher, Inc. A security vulnerability exists in Thermo Fisher Torrent Suite Django application version 5.18.1, which stems from insufficient validation of inputs to the network configuration function and could...

Thermo Fisher Torrent Suite Django application 安全漏洞

Thermo Fisher Torrent Suite Django application is a core software component of Thermo Fisher USA. A security vulnerability exists in Thermo Fisher Torrent Suite Django application version 5.18.1, which originates in the LocalhostAuthMiddleware middleware that performs automated authentication to ...

GHSA-7WJ8-856P-QC9M Stored XSS in REDAXO

Summary Stored XSS in REDAXO 5.18.1 - Article / "content/edit". Details On the latest version of Redaxo, v5.18.1, the article name field is susceptible to stored XSS. Impact A malicious actor can easily steal cookie using this stored XSS and perform a session hijacking attack...

REDAXO 代码注入漏洞

REDAXO is REDAXO open source a content management system . REDAXO 5.18.1 version of the existence of code injection vulnerability , the vulnerability stems from the file / index.php?page=structure&categoryid=1&articleid=1&clang=1&function=editart&artstart=0 of Article Name parameter can lead to...

PT-2024-24391 · Aitthemes · Aitthemes Citadela Listing

Name of the Vulnerable Software and Affected Versions: AitThemes Citadela Listing versions through 5.18.1 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who should not hav...

WordPress Plugin Citadela Listing 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Citadela Listing Version...

WordPress Citadela Listing Plugin <= 5.18.1 is vulnerable to Sensitive Data Exposure

Software Citadela Listing Type Plugin Vulnerable versions = 5.18.1 Fixed in 5.19.1 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32086 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID a5c3aebb62b7 Credits Dave Jong Patchstack...

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in Linux kernel version 5.18.1 and earlier versions, which stems from net/netfilter/nftablesapi.c allows a local user to escalate privileges to root, which can be exploite...