Cross-site Scripting (XSS)

Overview org.jenkins-ci.plugins:buildgraph-view is a plugin that computes a graph of related builds starting from the current one, and render it as a graph. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to not escaping the build URL.This results in a stored...

CVE-2026-32871

A flaw was found in FastMCP. An authenticated attacker can exploit a path traversal vulnerability in the buildurl method of the RequestDirector class. By manipulating path parameters in an OpenAPI operation, an attacker can use directory traversal sequences ../ to bypass the intended API prefix...

CVE-2026-32871

FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A vulnerabilit...

Abstrium Pydio Cells Cross-Site Scripting Vulnerability (CNVD-2020-33352)

Abstrium Pydio Cells is a next-generation file-sharing platform developed in the Go language by Abstrium France. A security vulnerability exists in Abstrium Pydio Cells version 2.0.4. The vulnerability can be exploited by an attacker to access other users' personal photos via a build URL...

Fedora 27 : fedpkg / rpkg (2017-9cac2b8b4a)

Update - Fixed chain-build - Remove hard dependency of bash-completion from fedpkg rpkg - Ignore TestModulesCli if openidc-client is unavailable cqi - Port mbs-build to rpkg mprahl - Add .vscode to .gitignore mprahl - Fix TestPatch.testrediff in order to run with old version of mock cqi - Allow t...