9 matches found
EUVD-2026-20769
parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitized into an os.popen shell command, allowing arbitrary command execution via crafted .lnk filenames containing shell metacharacters. An attacker can craft a .lnk filename wi...
parseusbs OS command injection vulnerability
Parseusbs is a USB-connected recording and forensic analysis tool developed by Khyrenz Ltd. Versions of Parseusbs prior to 1.9 contained a vulnerability related to operating system command injection. This vulnerability arose from the fact that the volume list path parameters were passed directly ...
CVE-2025-39463 WordPress Dessau theme < 1.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Dessau dessau allows PHP Local File Inclusion. This issue affects Dessau: from n/a through 1.9...
WordPress plugin Youtube Video Grid cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2021-24644
The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include function, which could lead to a Local File Inclusion issue...
PT-2020-15250 · Kata Containers · Kata Containers
Name of the Vulnerable Software and Affected Versions: Kata Containers versions prior to 1.11.1; Kata Containers versions prior to 1.10.5; Kata Containers version 1.9 and earlier. Description: A malicious guest compromised before a container creation, such as a malicious guest image or a guest runni...
Kubernetes CRI-O Privilege Acquisition Vulnerability
Kubernetes CRI-O is a container-based implementation of the Kubernetes Container Runtime Interface. A security vulnerability exists in Kubernetes CRI-O versions prior to 1.9. An attacker can exploit the vulnerability to gain privileges...
DEBIAN-CVE-2017-5662
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a ful...
PT-2017-16654 · Apache +2 · Apache Batik +2
Name of the Vulnerable Software and Affected Versions: Apache Batik versions prior to 1.9. Description: The issue allows arbitrary users to reveal files on the server's filesystem by sending maliciously formed SVG files. The types of files that can be accessed depend on the user context in which t...