6 matches found
PT-2026-27061
The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...
Linux Distros Unpatched Vulnerability : CVE-2021-23423
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing an include, include-code or include-raw block is processed...
GHSA-J8G2-6FC7-Q8F8 Pyramid static view path traversal up one directory
Impact: This impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have an index.html file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be...
Pyramid path traversal vulnerability
Pyramid is a Python-based web framework. Pyramid versions 2.0.0 and 2.0.1 contain a path traversal vulnerability that can easily lead to disclosure of the file index.html...
Path Traversal in bikeshed
This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing an include, include-code or include-raw block is processed. The contents of arbitrary files could be disclosed in the HTML output...
Missing access controls in loadattachmentversions action
The loadattachmentsversions action is accessible to any user of Confluence and returns version history information for an attachment. No access controls appear to be implemented for this action and any user of Confluence can obtain version history for any attachment, including those on pages in...