31 matches found
PT-2026-41177
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.5.11 Description A blind server side request forgery SSRF exists in the PDF generate function. User inputs are interpreted as HTML and embedded into the PDF. While scripts and certain dangerous tags like iFrame a...
GHSA-PR46-2V3C-5356 Emmett has a path traversal in internal assets handler
The RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files outside the assets directory...
Emmett has a path traversal in internal assets handler
The RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files outside the assets directory...
EUVD-2026-19974
Emmett has a path traversal in internal assets handler...
CVE-2026-39847
Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...
PYSEC-2026-59
Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...
PYSEC-2026-59
Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...
CVE-2026-39847 Emmett has a path traversal in internal assets handler
Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...
CVE-2026-39847
Emmett (Python web framework) versions 2.5.0 through before 2.8.1 are affected by a path traversal vulnerability in the RSGI static handler for internal assets located under /emmett . An attacker can abuse ../ sequences (for example /emmett /../rsgi/handlers.py) to read arbitrary files outside th...
CVE-2026-39847 Emmett has a path traversal in internal assets handler
Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...
PT-2026-31032
Name of the Vulnerable Software and Affected Versions Emmett versions 2.5.0 through 2.8.0 Description Emmett, a full-stack Python web framework, contains a path traversal flaw in its RSGI static handler for internal assets / emmett paths. An attacker can use '../' sequences in requests, such as '...
EUVD-2024-31977
Malicious code in bioql PyPI...
CVE-2024-29168
Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...
PT-2024-22775 · Dell · Dell Scg
Name of the Vulnerable Software and Affected Versions: Dell SCG versions prior to 5.22.00.00 Description: The issue concerns a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this, leading to the execution of...
CVE-2024-3388
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal...
CVE-2024-3388 PAN-OS: User Impersonation in GlobalProtect SSL VPN
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal...
CVE-2024-3388 PAN-OS: User Impersonation in GlobalProtect SSL VPN
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal...
PAN-OS: User Impersonation in GlobalProtect SSL VPN
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal...
Palo Alto Networks PAN-OS 安全漏洞
Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. A security vulnerability exists in Palo Alto Networks PAN-OS, which can be exploited by an authenticated attacker to impersonate another user and send network packets to internal assets...
Palo Alto Networks PAN-OS 8.1.x < 8.1.26 / 9.0.x < 9.0.17-h4 / 9.1.x < 9.1.17 / 10.1.x < 10.1.11-h4 / 10.2.x < 10.2.7-h3 / 11.0.x < 11.0.3 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.26 or 9.0.x prior to 9.0.17-h4 or 9.1.x prior to 9.1.17 or 10.1.x prior to 10.1.11-h4 or 10.2.x prior to 10.2.7-h3 or 11.0.x prior to 11.0.3. It is, therefore, affected by a vulnerability. - A vulnerability ...