9 matches found
CVE-2026-35477 InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape
InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART_NAME_FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...
WordPress Don Peppe theme <= 1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Don Peppe versions <= 1.3...
EasyVirt DC Scope and EasyVirt CO2 Scope SQL Injection Vulnerability
EasyVirt DC Scope and EasyVirt CO2 Scope are both products of EasyVirt (France). EasyVirt DC Scope is a monitoring and management solution for VMware virtualization. EasyVirt CO2 Scope is a real-time monitoring and control solution for the CO2 emissions of IT services, virtual machines and servers ...
WordPress Önceki Yazı Link Plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Önceki Yazı Link versions <= 1.3...
PT-2023-26821 · Senec · Senec Storage Box
Name of the Vulnerable Software and Affected Versions: SENEC Storage Box versions V1, V2, and V3 Description: An unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive data. Recommendations: For versions V1, V2, and V3, restrict access to the logfiles to prevent...
PT-2023-30756 · Unknown · Super Blog Me Broken Link Checker For Youtube
Name of the Vulnerable Software and Affected Versions: Super Blog Me Broken Link Checker for YouTube versions 1.3 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions. This is a type of attack where an attacker tricks a user into...
CVE-2023-47649
Cross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Restaurant Menu by PriceListo. This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.3.1...
Jenkins Pipeline Phoenix AutoTest Plugin Path Traversal Vulnerability
Jenkins Pipeline is a set of plug-ins that support the implementation and integration of continuous delivery pipelines into Jenkins. The Jenkins Pipeline Phoenix AutoTest Plugin 1.3 and earlier versions are vulnerable to a path traversal vulnerability that could be exploited by an attacker with...
CloudBees Jenkins MongoDB Cross-Site Request Forgery Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and scheduled task execution. A cross-site request forgery...