7 matches found
CVE-2026-27602
Modoboa contains an OS command injection vulnerability (CWE-like) due to exec_cmd paths using subprocess with shell=True and unsanitized domain/input values. In modoboa/lib/sysutils.py and related sinks (DKIM domain handling, mailbox rename, sa-learn, doveadm, rrdtool, webmail operations), domain...
EUVD-2026-11983
Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Food: from n/a through 2.7.1...
SFTPGo 路径遍历漏洞
SFTPGo is a fully functional and highly configurable SFTP server developed by the Italian developer Nicola Murino. Versions of SFTPGo prior to 2.7.1 contained a path traversal vulnerability, which was caused by improper validation of dynamic group paths. This vulnerability could lead to path...
CVE-2024-47265
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vector...
Apache Airflow 信息泄露漏洞
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An information disclosure vulnerability exists in Apache Airflow versions prior to...
Wordpress Plugin WPLegalPages 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
PT-2017-14610
Name of the Vulnerable Software and Affected Versions PJSIP versions prior to 2.7.1 Description An issue was discovered in the ioqueue component of Teluu pjproject pjlib and pjlib-util in PJSIP. The ioqueue component may issue a double key unregistration after an attacker initiates a socket...