28 matches found
EUVD-2026-22321
An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR...
CVE-2026-22573
An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR...
CVE-2026-22573
An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR...
CVE-2026-22573
The CVE-2026-22573 issue affects Fortinet FortiSOAR PaaS and FortiSOAR on-premise installations (versions 7.6.0–7.6.3, 7.5 all, 7.4 all, 7.3 all) with an improper limitation of a pathname to a restricted directory (path traversal). An authenticated remote attacker may exploit File Content Extract...
CVE-2026-22573
An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR...
PT-2026-32666
An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR...
Google Research MCP Server 代码问题漏洞
The Google Research MCP Server is an AI assistant server developed by mixelpixx for providing web search and content extraction functions. There are code vulnerabilities in the Google Research MCP Server, which stem from improper handling of parameter URLs. These vulnerabilities may lead to...
Cockpit < 2.13.5 SQLi (GHSA-7x5c-vfhj-9628)
The version of Cockpit CMS running on the remote web server is prior to 2.13.5. It is, therefore, affected by a SQL injection vulnerability in the MongoLite Aggregation Optimizer. - An unsanitized field name in the toJsonExtractRaw method in lib/MongoLite/Aggregation/Optimizer.php allows an...
EUVD-2024-2005
Malicious code in bioql PyPI...
EUVD-2025-28315
Malicious code in bioql PyPI...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal via the Extract method. An attacker can gain remote code execution by uploading specially crafted archive files containing path traversal sequences in filenames, resulting in files being written to arbitrary...
Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
A Model Context Protocol MCP server implementation that integrates with Firecrawl for web scraping capabilities. Big thanks to @vrknetha, @cawstudios for the initial implementation! You can also play around with our MCP Server on MCP.so's playground. Thanks to MCP.so for hosting and @gstarwd for...
Cross-Site Scripting (XSS)
TinyMCE is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the content extraction feature, specifically when using the noneditableregexp option, which allows an attacker to execute malicious code through specially crafted HTML attributes during content extraction...
UBUNTU-CVE-2024-38356
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditableregexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from t...
CVE-2024-38356 TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditableregexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from t...
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditableregexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. Patches This vulnerability...
GHSA-9HCV-J9PV-QMPH TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditableregexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. Patches This vulnerability...
PT-2024-5043
Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 5.11.0 LTS TinyMCE versions prior to 6.8.4 TinyMCE versions prior to 7.2.0 Description: A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditable regexp...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to consider length when obtaining the contents of a packet...
Simple Restrict < 1.2.7 - Missing Authorization to Sensitive Information Exposure
Description The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin's restrictions to extract post titles and content...