br.com.arsmachina:tapestry-url-rewriter (>=1.0.1 <=2.0.0), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2) +294 more potentially affected by CVE-2026-43515 via org.apache.tomcat:catalina (>=6.0.13 <=6.0.53)

org.apache.tomcat:catalina MAVEN version =6.0.13, =1.0.1, =1.2.1, =0.1, =7.12.0, =1.0.0, =1.0.3, =9.0.3, =9.0.3, =0.7.1, =1.5, =1.8.2, =0.9.0, =1.0.0 and more Source cves: CVE-2026-43515 Source advisory: SNYK:JAVA-ORGAPACHETOMCAT-16690891...

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into executing malicious commands under the pretext of restoring normal functionality. This variant...

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into executing malicious commands under the pretext of restoring normal functionality. This variant...

EUVD-2022-4454

Malicious code in bioql PyPI...

CVE-2021-46897

views.py in Wagtail CRX CodeRed Extensions formerly CodeRed CMS or coderedcms before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media...

CVE-2019-10437

A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2019-10438

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2019-10439

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

Path Traversal

coderedcms is vulnerable to Path Traversal. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable Wagtail CRX CodeRed Extensions server. The request would contain a specially crafted path that would cause the server to serve the attacker a file...

GHSA-H454-RQ3M-89RC Wagtail CRX CodeRed Extensions vulnerable to Path Traversal

views.py in Wagtail CRX CodeRed Extensions formerly CodeRed CMS or coderedcms before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media...

Wagtail CRX CodeRed Extensions vulnerable to Path Traversal

views.py in Wagtail CRX CodeRed Extensions formerly CodeRed CMS or coderedcms before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media...

CVE-2021-46897

views.py in Wagtail CRX CodeRed Extensions formerly CodeRed CMS or coderedcms before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media...

CVE-2021-46897

views.py in Wagtail CRX CodeRed Extensions formerly CodeRed CMS or coderedcms before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media...

PYSEC-2023-210

views.py in Wagtail CRX CodeRed Extensions formerly CodeRed CMS or coderedcms before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media...

Path traversal

views.py in Wagtail CRX CodeRed Extensions formerly CodeRed CMS or coderedcms before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media...

PYSEC-2023-210

views.py in Wagtail CRX CodeRed Extensions formerly CodeRed CMS or coderedcms before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media...

CVE-2021-46897

views.py in Wagtail CRX CodeRed Extensions formerly CodeRed CMS or coderedcms before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media...

CVE-2021-46897

views.py in Wagtail CRX CodeRed Extensions formerly CodeRed CMS or coderedcms before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media...

CVE-2021-46897

CVE-2021-46897 affects Wagtail CRX CodeRed Extensions (formerly CodeRed CMS/coderedcms) prior to 0.22.3. The vulnerability is a path traversal flaw in views.py that allows upward traversal (..%2f..%2f) when serving protected media, as documented across multiple sources (GitHub issues/PRs and vend...

Cross-site Scripting in Jenkins CRX Content Package Deployer Plugin

Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...