27 matches found
nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2), nautobot-capacity-metrics (=4.0.0a1) +12 more potentially affected by CVE-2026-34203 via nautobot (=3.0.0rc2)
nautobot PyPI version =3.0.0rc2 is affected by a known vulnerability. The following packages have a transitive dependency on nautobot and may be impacted: - nautobot-bgp-models =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1...
EUVD-2025-26399
Malicious code in bioql PyPI...
EUVD-2025-26401
Malicious code in bioql PyPI...
CVE-2025-52544
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...
CVE-2025-52546
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page...
CVE-2025-52546
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page...
CVE-2025-52544
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...
CVE-2025-52544
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...
CVE-2025-52546 Stored XSS by uploading a specially crafted floor plan file
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page...
CVE-2025-52546 Stored XSS by uploading a specially crafted floor plan file
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page...
CVE-2025-52546
The CVE-2025-52546 entry concerns Copeland E3 Site Supervisor Control firmware prior to 2.31F01. The floor plan feature allows an unauthenticated user to upload floor plan files, which can inject a stored XSS on the floorplan web page. Documented impact is stored XSS with potential user interacti...
CVE-2025-52544 Arbitrary read file from the filesystem
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...
CVE-2025-52544 Arbitrary read file from the filesystem
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...
PT-2025-35553
Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor Control versions prior to 2.31F01 Description: E3 Site Supervisor Control firmware version prior to 2.31F01 has a floor plan feature that allows an unauthenticated attacker to upload floor plan files. By uploading a special...
Copeland E3 Supervisory Control Security Vulnerability
Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from mishandling of the floor plan feature and could result in uploading a specially crafted file...
Copeland E3 Supervisory Control Security Vulnerability
Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from improper handling of the floor plan feature and could lead to a stored cross-site scripting...
PT-2025-35555
Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor Control versions prior to 2.31F01 Description: E3 Site Supervisor Control’s floor plan feature allows an unauthenticated attacker to upload floor plan files. Uploading a specially crafted floor plan file can lead to a store...
Draytek VigorConnect Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability exists in the Profile Name field of the Floor Plan Network Menu page in Draytek VigorConnect version 1.6.0-B3, the native network management software for DrayTek devices. The vulnerability stems from improper validation of user input. An attacker could...
CVE-2021-20128
The Profile Name field in the floor plan Network Menu page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized...
CVE-2021-20128
The Profile Name field in the floor plan Network Menu page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized...