
36323 matches found

EUVD
added 2026/04/08 12:12 a.m., 1 views

EUVD-2026-19888

RedwoodSDK has a CSRF vulnerability in server function dispatch via GET requests...

8.1 CVSS | 5.9 AI score | 0.00006 EPSS
Exploits: 0 | References: 2
GithubExploit
added 2026/04/08 12:3 a.m., 99 views

Exploit for Improper Restriction of XML External Entity Reference in Wordpress

🔥 The Exploit Foundry...

7.1 CVSS | 6.9 AI score | 0.90782 EPSS
Exploits: 20
CNNVD
added 2026/04/08 12:0 a.m., 4 views

Ado::Sessions security vulnerability

Ado::Sessions is a lightweight Perl-based web application development framework developed by. Versions of Ado::Sessions prior to 0.935 contained security vulnerabilities; these vulnerabilities stemmed from the generation of insecure session IDs, which could lead to session hijacking...

5.3 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits: 0 | References: 4
CNNVD
added 2026/04/08 12:0 a.m., 4 views

Hono path traversal vulnerability

Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.12 contained a path traversal vulnerability. This vulnerability stemmed from inconsistent handling of serveStatic paths, allowing access to protected static files using repeated slashes, thereby...

5.3 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/04/08 12:0 a.m., 3 views

Hono security vulnerability

Hono is a web framework built in TypeScript for the Hono community. Versions of Hono prior to 4.12.12 contained a security vulnerability. This vulnerability stemmed from the ipRestriction function not properly normalizing IPv4-mapped IPv6 client addresses, which could lead to failed matching of...

6.3 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/04/08 12:0 a.m., 4 views

PraisonAI code issue vulnerability

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.115 contained code vulnerabilities; these vulnerabilities stemmed from YAML parsing without disabling dangerous tags, which could lead to remote code execution...

9.8 CVSS | 6.2 AI score | 0.00555 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/04/08 12:0 a.m., 5 views

Frappe Framework security vulnerability

Frappe Framework is a metadata-driven full-stack web application framework developed by Frappe India. Both the Frappe Framework v16.0.1 and Frappe Framework v16.1.1 versions contain security vulnerabilities. These vulnerabilities stem from the insufficient cleanup of HTML provided by the Print...

9.1 CVSS | 5.8 AI score | 0.00043 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/04/08 12:0 a.m., 4 views

AIL framework cross-site scripting vulnerability

AIL framework is a modular information leakage analysis framework developed as open source within the AIL project. It is used to analyze potential information leaks from unstructured data sources. Prior to version 6.8 of the AIL framework, there was a cross-site scripting vulnerability. This...

8.5 CVSS | 5.7 AI score | 0.00041 EPSS
Exploits: 0 | References: 3
ATTACKERKB
added 2026/04/08 12:0 a.m., 4 views

CVE-2026-31017

A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application...

6.1 AI score | 0.00043 EPSS
Exploits: 0 | References: 3
Cvelist
added 2026/04/08 12:0 a.m., 16 views

CVE-2026-31017

A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application...

0.00043 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/04/08 12:0 a.m., 4 views

Hono path traversal vulnerability

Hono is a web framework built with TypeScript in the Hono community. Versions of Hono prior to 4.12.12 contained a path traversal vulnerability. This vulnerability stemmed from issues with the toSSG function, which allowed for path traversal attacks, potentially leading to files being written...

7.5 CVSS | 5.7 AI score | 0.00017 EPSS
Exploits: 1 | References: 4
CNNVD
added 2026/04/08 12:0 a.m., 5 views

Hono input validation error vulnerability

Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.12 contained a vulnerability related to input validation errors. This vulnerability stemmed from differences in how browser Cookie parsing and the parse function were handled, which could lead to...

4.8 CVSS | 5.8 AI score | 0.0003 EPSS
Exploits: 0 | References: 3
NVD
added 2026/04/07 10:16 p.m., 3 views

CVE-2026-39847

Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets (/emmett paths) is vulnerable to path traversal attacks. An attacker can use ../ sequences (e.g. /emmett/../rsgi/handlers.py) to read arbitrary files...

9.1 CVSS | 0.00019 EPSS
Exploits: 0 | References: 1
PyPA
added 2026/04/07 10:16 p.m., 7 views

PYSEC-2026-59

Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets (/emmett paths) is vulnerable to path traversal attacks. An attacker can use ../ sequences (e.g. /emmett/../rsgi/handlers.py) to read arbitrary files...

9.1 CVSS | 5.9 AI score | 0.00019 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2026/04/07 10:16 p.m., 4 views

CVE-2026-34781

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that call clipboard.readImage may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decod...

3.3 CVSS | 0.00006 EPSS
Exploits: 0 | References: 1
OSV
added 2026/04/07 10:16 p.m., 5 views

PYSEC-2026-59

Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets (/emmett paths) is vulnerable to path traversal attacks. An attacker can use ../ sequences (e.g. /emmett/../rsgi/handlers.py) to read arbitrary files...

7.5 CVSS | 5.9 AI score | 0.00019 EPSS
Exploits: 0 | References: 1
NVD
added 2026/04/07 10:16 p.m., 2 views

CVE-2026-34765

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, when a renderer calls window.open with a target name, Electron did not correctly scope the named-window lookup to the opener's browsing...

8.8 CVSS | 0.00025 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/04/07 9:37 p.m., 14 views

CVE-2026-39847 Emmett has a path traversal in internal assets handler

Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets (/emmett paths) is vulnerable to path traversal attacks. An attacker can use ../ sequences (e.g. /emmett/../rsgi/handlers.py) to read arbitrary files...

9.1 CVSS | 0.00019 EPSS
Exploits: 0 | References: 1
CVE
added 2026/04/07 9:37 p.m., 10 views

CVE-2026-39847

Emmett (Python web framework) versions 2.5.0 through before 2.8.1 are affected by a path traversal vulnerability in the RSGI static handler for internal assets located under /emmett. An attacker can abuse ../ sequences (for example /emmett/../rsgi/handlers.py) to read arbitrary files outside th...

9.1 CVSS | 6 AI score | 0.00019 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/04/07 9:37 p.m., 2 views

CVE-2026-39847 Emmett has a path traversal in internal assets handler

Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets (/emmett paths) is vulnerable to path traversal attacks. An attacker can use ../ sequences (e.g. /emmett/../rsgi/handlers.py) to read arbitrary files...

9.1 CVSS | 6 AI score | 0.00019 EPSS
Exploits: 0 | References: 1