
36 matches found

ATTACKERKB
added 2026/02/23 6:2 a.m. | 1 views

CVE-2026-2975

A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function resetapidocs of the file /backend/app/plugin/initapp.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed...

CVSS 6.9 | AI score 5.3 | EPSS 0.0005
Exploits: 1 | References: 4
Fedora
added 2026/01/27 5:38 a.m. | 3 views

[SECURITY] Fedora 43 Update: bind-dyndb-ldap-11.11-10.fc43

This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...

CVSS 7.5 | AI score 6.1 | EPSS 0.00047
Exploits: 0
NVD
added 2026/01/21 11:15 p.m. | 1 views

CVE-2026-24047

Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...

CVSS 6.3 | EPSS 0.00025
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/21 10:45 p.m. | 3 views

CVE-2026-24047 @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass

Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...

CVSS 6.3 | AI score 5.7 | EPSS 0.00025
Exploits: 0 | References: 2
ATTACKERKB
added 2026/01/21 10:45 p.m. | 3 views

CVE-2026-24047

Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...

CVSS 6.3 | AI score 5.5 | EPSS 0.00025
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/01/21 10:45 p.m. | 4 views

CVE-2026-24047 @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass

Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...

CVSS 6.3 | AI score 5.7 | EPSS 0.00025
Exploits: 0 | References: 4
Cvelist
added 2026/01/21 10:45 p.m. | 14 views

CVE-2026-24047 @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass

Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...

CVSS 6.3 | EPSS 0.00025
Exploits: 0 | References: 2
CVE
added 2026/01/21 10:45 p.m. | 5 views

CVE-2026-24047

CVE-2026-24047 affects Backstage: @backstage/cli-common relies on resolveSafeChildPath in @backstage/backend-plugin-api, which before v0.1.17 failed to validate symlink chains and dangling symlinks. This allowed path traversal via symlink chains (e.g., link1 → link2 → /outside) and dangling symli...

CVSS 6.3 | AI score 5.7 | EPSS 0.00025
Exploits: 0 | References: 2
Github Security Blog
added 2026/01/21 10:40 p.m. | 6 views

@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass

Impact: The resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is used to prevent path traversal attacks, failed to properly validate symlink chains and dangling symlinks. An attacker could bypass the path validation by: 1. Symlink chains: Creating link1 → link2 → /outsi...

CVSS 6.3 | AI score 5.6 | EPSS 0.00025
Exploits: 0 | References: 4 | Affected Software: 1
vulnersOsv
added 2026/01/21 10:40 p.m. | 3 views

@backstage/backend-app-api (>=0.0.0-nightly-20241221023113 <=1.4.0-next.1), @backstage/backend-defaults (>=0.0.0-nightly-20241120023536 <=0.15.0-next.2) +111 more potentially affected by CVE-2026-24047 via @backstage/backend-plugin-api (>=1.0.1-next.0 <=1.6.0)

@backstage/backend-plugin-api NPM version =1.0.1-next.0, =0.0.0-nightly-20241221023113, =0.0.0-nightly-20241120023536, =0.0.0-nightly-20241120023536, =0.2.0-next.1, =0.0.0-nightly-20241221023113, =0.0.0-nightly-20241121023535, =0.1.26-next.1, =0.0.0-nightly-20250225023230, =0.3.1-next.1,...

CVSS 6.3 | AI score 5.8 | EPSS 0.00025
Exploits: 0
Positive Technologies
added 2026/01/21 12:0 a.m. | 5 views

PT-2026-3876

Name of the Vulnerable Software and Affected Versions: Backstage versions prior to 0.1.17. Description: The resolveSafeChildPath utility function in @backstage/backend-plugin-api did not properly validate symlink chains and dangling symlinks, leading to a path traversal issue. An attacker could bypa...

CVSS 6.3 | AI score 5.4 | EPSS 0.00025
Exploits: 0 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-2600

Malware in sbrugna...

CVSS 7.4 | AI score 6.7 | EPSS 0.00311
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-52740

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.5 | EPSS 0.00216
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-50523

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.5 | EPSS 0.00335
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 6:26 a.m. | 4 views

CVE-2024-55088

GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module...

CVSS 8.8 | AI score 6.9 | EPSS 0.00216
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 4:36 a.m. | 3 views

CVE-2023-35926

Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been vm2, but in light of several past vulnerabilities and...

CVSS 9.9 | AI score 8.1 | EPSS 0.09147
Exploits: 0
RedhatCVE
added 2025/05/23 12:27 a.m. | 3 views

CVE-2022-47766

PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability...

CVSS 8.8 | AI score 7 | EPSS 0.00335
Exploits: 1
RedhatCVE
added 2025/05/22 9:34 p.m. | 5 views

CVE-2021-43776

Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other...

CVSS 7.4 | AI score 5.9 | EPSS 0.00311
Exploits: 0
CNNVD
added 2024/12/18 12:0 a.m. | 1 views

GetSimple CMS Security Vulnerability

GetSimple CMS is a content management system from GetSimple CMS open source. A security vulnerability exists in GetSimple CMS version 3.3.19, which originates from the download address of a plugin in the backend management system, and can enable server-side request forgery attacks...

CVSS 7.2 | AI score 6.7 | EPSS 0.00097
Exploits: 0 | References: 2
Vulnrichment
added 2024/12/18 12:0 a.m. | 11 views

CVE-2024-55088

GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module...

AI score 7.1 | EPSS 0.00216
Exploits: 0 | References: 2