151 matches found
CVE-2026-53607 @apostrophecms/file pretty-URL Vulnerable to Unauthenticated SSRF via Host header
ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when prettyUrls: true is enabled on @apostrophecms/file a documented SEO feature for serving uploaded files at clean URLs, the public pretty-URL handler builds the upstream URL using the raw...
CVE-2026-53607
Technical details are not publicly available in the provided documents. Monitor for updates and confirm when patched versions or advisories are published.
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: python3 (UTSA-2026-014319)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014319 advisory. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD...
ALPINE-CVE-2026-32647
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...
Admidio 安全漏洞
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio 5.0.6 and earlier have security vulnerabilities. These vulnerabilities st...
CVE-2026-27483
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution. The vulnerability exists in the...
CVE-2026-27483 MindsDB has Path Traversal in /api/files Leading to Remote Code Execution
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution. The vulnerability exists in the...
CVE-2026-27483 MindsDB has Path Traversal in /api/files Leading to Remote Code Execution
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution. The vulnerability exists in the...
CVE-2026-21620
Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...
CVE-2026-21620
Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...
DEBIAN-CVE-2026-21620
Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...
AZL-78278 CVE-2026-21620 affecting package erlang 25.3.2.21-4
Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...
EEF-CVE-2026-21620 TFTP Path Traversal
Summary Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...
CVE-2026-21620
Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...
CVE-2025-70085
An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames Source1Filename and the string returned by FileUtilFileStateStr into this buffer without any length checking and without using bounded format specifiers...
Exploit for Improper Privilege Management in Webmin
CVE-2019-9624 Authenticated RCE for Webmin 1.9.0 Webmin 1.9...
Security update for python
This update for python fixes the following issues: CVE-2025-6075: quadratic complexity in os.path.expandvars can lead to performance degradation when values passed to it are user-controlled bsc1252974. CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory EOCD record allows...
EUVD-2025-199664
Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private spaces are not affected. This issue has bee...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the Bundle Handler component when processing the Version argument. An attacker can access or modify files outside the intended directory by supplying crafted input remotely. Details A Directory Traversal attack...
EUVD-2020-6197
Malware in sbrugna...