1622 matches found
CVE-2026-29780
emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to version 2.0.1, the official example script examples/recursivelyextractattachments.py contains a path traversal vulnerability that allows...
CVE-2026-29780
emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to version 2.0.1, the official example script examples/recursivelyextractattachments.py contains a path traversal vulnerability that allows...
CVE-2026-29780 eml_parser: Path Traversal in Official Example Script Leading to Arbitrary File Write
emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to version 2.0.1, the official example script examples/recursivelyextractattachments.py contains a path traversal vulnerability that allows...
CVE-2026-29780
Summary: CVE-2026-29780 affects the Python eml_parser library. The vulnerability resides in the official example script (examples/recursively_extract_attachments.py), where attachment filenames are used directly to build output paths without sanitization, enabling an attacker-controlled filename ...
CVE-2026-29780 eml_parser: Path Traversal in Official Example Script Leading to Arbitrary File Write
emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to version 2.0.1, the official example script examples/recursivelyextractattachments.py contains a path traversal vulnerability that allows...
CVE-2026-29780 eml_parser: Path Traversal in Official Example Script Leading to Arbitrary File Write
emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to version 2.0.1, the official example script examples/recursivelyextractattachments.py contains a path traversal vulnerability that allows...
xgrammar vulnerable to DoS via multi-layer nesting
Summary The multi-level nested syntax caused a segmentation fault core dump. Details A trigger stack overflow or memory exhaustion was caused by constructing a malicious grammar rule containing 30,000 layers of nested parentheses. PoC !/usr/bin/env python3 """ XGrammar - Math Expression Generatio...
GHSA-389R-RCCM-H3H5 eml_parser: Path Traversal in Official Example Script Leads to Arbitrary File Write
Summary The official example script examples/recursivelyextractattachments.py contains a path traversal vulnerability that allows arbitrary file write outside the intended output directory. Attachment filenames extracted from parsed emails are directly used to construct output file paths without...
eml_parser: Path Traversal in Official Example Script Leads to Arbitrary File Write
Summary The official example script examples/recursivelyextractattachments.py contains a path traversal vulnerability that allows arbitrary file write outside the intended output directory. Attachment filenames extracted from parsed emails are directly used to construct output file paths without...
PT-2026-23443
Name of the Vulnerable Software and Affected Versions eml parser versions prior to 2.0.1 Description The eml parser module, used for parsing eml files, contains a path traversal issue in the example script examples/recursively extract attachments.py. This allows for arbitrary file write outside t...
curl: Use after free in hyperfifo example
Summary: THIS ONLY IS AN ISSUE IN EXAMPLE CODE, NOT CURL ITSELF! In the hyperfifo example the event base is freed before the curlmulticleanup is called. This leads to a use after free in the addsocket callback, when libevent tries to lock a mutex in the base event during the curl shutdown. Link t...
Craft CMS has Stored XSS in Table Field via "HTML" Column Type
A stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attacker to execute arbitrary JavaScript when another user views a page with the malicious table field. Prerequisite...
CVE-2026-3025
A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload. It is possible...
CVE-2026-3025 ShuoRen Smart Heating Integrated Management Platform ExampleNodeService.asmx unrestricted upload
A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload. It is possible...
CVE-2026-3025
Affects ShuoRen Smart Heating Integrated Management Platform 1.0.0. The vulnerability lies in an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx, where manipulating the File argument can cause unrestricted file upload. Exploitation is remote, and an exploit has be...
PT-2026-21556
Name of the Vulnerable Software and Affected Versions ShuoRen Smart Heating Integrated Management Platform version 1.0.0 Description A flaw exists in ShuoRen Smart Heating Integrated Management Platform version 1.0.0, related to an unknown functionality within the file...
Command Injection
Apache Airflow is vulnerable to Command Injection. The vulnerability is due to a non-validated parameter in the exampledagdecorator example DAG, which allows an attacker to redirect execution to a malicious server and execute arbitrary code on a worker when example DAGs are enabled...
Decidim's private data exports can lead to data leaks
Impact Private data exports can lead to data leaks in cases where the UUID generation causes collisions for the generated UUIDs. The bug was introduced by 13571 and affects Decidim versions 0.30.0 or newer currently 2025-09-23. This issue was discovered by running the following spec several times...
EUVD-2020-30934
OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting XSS attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For...
CVE-2020-36945
WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. Attackers can inject the payload '' OR '1'='1' in both username and password fields to gain unauthorized access to...