nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2), nautobot-capacity-metrics (=4.0.0a1) +12 more potentially affected by CVE-2026-34203 via nautobot (=3.0.0rc2)

nautobot PYPI version =3.0.0rc2 is affected by a known vulnerability. The following packages have a transitive dependency on nautobot and may be impacted: - nautobot-bgp-models =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1...

EUVD-2025-26399

Malicious code in bioql PyPI...

EUVD-2025-26401

Malicious code in bioql PyPI...

CVE-2025-52544

E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...

CVE-2025-52546

E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page...

CVE-2025-52546

E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page...

CVE-2025-52544

E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...

CVE-2025-52544

E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...

CVE-2025-52546 Stored XSS by uploading a specially crafted floor plan file

E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page...

CVE-2025-52546

The CVE-2025-52546 entry concerns Copeland E3 Site Supervisor Control firmware prior to 2.31F01. The floor plan feature allows an unauthenticated user to upload floor plan files, which can inject a stored XSS on the floorplan web page. Documented impact is stored XSS with potential user interacti...

CVE-2025-52546 Stored XSS by uploading a specially crafted floor plan file

E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page...

CVE-2025-52544 Arbitrary read file from the filesystem

E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...

CVE-2025-52544 Arbitrary read file from the filesystem

E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...

Copeland E3 Supervisory Control 安全漏洞

Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from mishandling of the floor plan feature and could result in uploading a specially crafted file...

PT-2025-35553

Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor Control versions prior to 2.31F01 Description: E3 Site Supervisor Control firmware version prior to 2.31F01 has a floor plan feature that allows an unauthenticated attacker to upload floor plan files. By uploading a special...

PT-2025-35555

Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor Control versions prior to 2.31F01 Description: E3 Site Supervisor Control’s floor plan feature allows an unauthenticated attacker to upload floor plan files. Uploading a specially crafted floor plan file can lead to a store...

Copeland E3 Supervisory Control 安全漏洞

Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from improper handling of the floor plan feature and could lead to a stored cross-site scripting...

Draytek VigorConnect Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability exists in the Profile Name field of the Floor Plan Network Menu page in Draytek VigorConnect version 1.6.0-B3, the native network management software for DrayTek devices. The vulnerability stems from improper validation of user input. An attacker could...

CVE-2021-20128

The Profile Name field in the floor plan Network Menu page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized...

CVE-2021-20128

The Profile Name field in the floor plan Network Menu page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized...