
83 matches found

CVE
added 2026/05/27 9:11 a.m. | 8 views

CVE-2026-48906

CVE-2026-48906 affects the Tassos Framework Plugin (Novarain/Tassos Framework) used with Joomla. The CVE records describe an arbitrary file deletion vulnerability in the plugin prior to version 6.1.0, enabling deletion of arbitrary files on affected sites. The CVSS analysis indicates remote acces...

CVSS 9.3 | AI score 5.9 | EPSS 0.00051
Exploits: 0 | References: 1 | Affected Software: 8

Tenable Nessus
added 2026/05/20 12:0 a.m. | 3 views

Amazon Linux 2023 : python3.13-lxml (ALAS2023-2026-1679)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1679 advisory. lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input t...

CVSS 7.5 | AI score 5.8 | EPSS 0.00044
Exploits: 1 | References: 4

IBM Security Bulletins
added 2026/05/04 2:24 p.m. | 3 views

Security Bulletin: Zip Slip path traversal vulnerability in jaraco.context affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary: A potential Zip Slip path traversal vulnerability in jaraco.context has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for...

CVSS 8.6 | AI score 5.7 | EPSS 0.00101
Exploits: 1 | Affected Software: 2

ATTACKERKB
added 2026/04/24 4:45 p.m. | 1 view

CVE-2026-41066

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' ...

CVSS 7.5 | AI score 5.3 | EPSS 0.00044
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2026/04/02 5:32 p.m. | 7 views

CVE-2026-34828

CVE-2026-34828 affects listmonk, a standalone self-hosted newsletter manager. A session-management vulnerability in versions 4.1.0 up to, but not including, 6.1.0 allows already-authenticated sessions to remain valid after password reset or password change, enabling an attacker with a valid sessi...

CVSS 7.1 | AI score 5.8 | EPSS 0.00014
Exploits: 2 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/04/02 5:31 p.m. | 2 views

CVE-2026-34584 listmonk: Broken Access Control in CSV Import (Unauthorized List Assignment)

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allow users in a multi-user environment to access lists which they don't have access to under different scenarios. This only affects multi-use...

CVSS 5.4 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 3

EUVD
added 2026/04/02 5:31 p.m. | 2 views

EUVD-2026-18450

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allow users in a multi-user environment to access lists which they don't have access to under different scenarios. This only affects multi-use...

CVSS 5.4 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 3

RedhatCVE
added 2026/03/02 7:44 a.m. | 4 views

CVE-2026-3383

A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::BoxedNumber::go of the file include/chaiscript/dispatchkit/boxednumber.hpp. Executing a manipulation can lead to divide by zero. The attack requires local access. The exploit has been made available to...

CVSS 5.5 | AI score 5.6 | EPSS 0.00005
Exploits: 0 | References: 1

CNNVD
added 2026/02/18 12:0 a.m. | 3 views

ChaiScript security vulnerability

ChaiScript is an open-source programming language developed by ChaiScript. Versions of ChaiScript 6.1.0 and earlier contained security vulnerabilities, which were caused by the reuse of memory after deallocation, potentially leading to local memory corruption...

CVSS 2.5 | AI score 5.8 | EPSS 0.00014
Exploits: 1 | References: 6

SUSE CVE
added 2026/01/21 12:20 a.m. | 2 views

SUSE CVE-2026-23949

jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the jaraco.context.tarball function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract file...

CVSS 7.4 | AI score 5.5 | EPSS 0.00101
Exploits: 1 | References: 4

OSV
added 2026/01/21 12:0 a.m. | 4 views

OPENSUSE-SU-2026:10077-1 python311-jaraco.context-6.1.0-1.1 on GA media

These are all security issues fixed in the python311-jaraco.context-6.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.6 | AI score 5.8 | EPSS 0.00101
Exploits: 1 | References: 1

UbuntuCve
added 2026/01/20 1:15 a.m. | 3 views

CVE-2026-23949

jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the jaraco.context.tarball function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract file...

CVSS 8.6 | AI score 7.2 | EPSS 0.00101
Exploits: 1 | References: 5

Vulnrichment
added 2026/01/20 12:36 a.m. | 3 views

CVE-2026-23949 jaraco.context Has a Path Traversal Vulnerability

jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the jaraco.context.tarball function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract file...

CVSS 8.6 | AI score 5.5 | EPSS 0.00101
Exploits: 1 | References: 4

CVE
added 2026/01/20 12:36 a.m. | 52 views

CVE-2026-23949

CVE-2026-23949 affects the Python package jaraco.context. The vulnerability is a Zip Slip path traversal in the jaraco.context.tarball() function, present in versions 5.2.0 up to, but not including, 6.1.0. The issue arises from how paths are split by strip_first_component, which can allow travers...

CVSS 8.6 | AI score 5.5 | EPSS 0.00101
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2025/12/24 12:0 a.m. | 1 view

PT-2025-53016

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.0-07460-g7ae9888d6e1c 580. Description: A flaw exists in the Linux kernel related to devlink snapshot handling. Specifically, the devlink region snapshot del function does not consistently hold the region lock...

CVSS 7.8 | AI score 6.3 | EPSS 0.00145
Exploits: 2 | References: 841

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-24517

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6 | EPSS 0.03305
Exploits: 2 | References: 2

NVD
added 2025/09/19 3:15 p.m. | 2 views

CVE-2025-10716

A flaw has been found in Creality Cloud App up to 6.1.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cxsw.sdprinter. Executing manipulation can lead to improper export of android application components. It is possible ...

CVSS 5.3 | EPSS 0.00016
Exploits: 0 | References: 4

CVE
added 2025/07/24 10:23 p.m. | 14 views

CVE-2025-53940

CVE-2025-53940 affects Quiet, an open-source p2p chat alternative. Quiet 6.1.0-alpha.4 and earlier are vulnerable due to an insecure, non-constant-time token verification comparison in the backend/frontend API, enabling a timing attack to guess the token character by character. The issue is resolv...

CVSS 8.5 | AI score 6.2 | EPSS 0.00091
Exploits: 0 | References: 3

NVD
added 2025/07/23 4:15 p.m. | 4 views

CVE-2025-50481

A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into a blog post...

CVSS 4.8 | EPSS 0.00284
Exploits: 3 | References: 2

OSV
added 2025/07/23 4:15 p.m. | 5 views

PYSEC-2025-137

A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into a blog post...

CVSS 4.8 | AI score 5.8 | EPSS 0.00284
Exploits: 3 | References: 2