Lucene search
+L

21 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.9 views

Amazon Linux 2023 : python3-mako (ALAS2023-2026-1846)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1846 advisory. Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an...

8.7CVSS5.9AI score0.00361EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.12 views

CVE-2026-44307

A flaw was found in Mako, a Python template library. A remote attacker could exploit a directory traversal vulnerability by crafting a Uniform Resource Identifier URI with backslash traversal. This bypasses security checks, allowing the attacker to read files outside the intended template...

8.7CVSS5.3AI score0.00609EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/06/04 2:17 p.m.40 views

CVE-2026-41065 Tautulli Vulnerable to Unauthenticated/Authenticated Remote Code Execution via Newsletter Custom Template Directory

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via the newsletter custom template directory feature. On a fresh install before the setup wizard is completed, all management endpoints are completely...

9.3CVSS0.00434EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 2:17 p.m.9 views

CVE-2026-41065 Tautulli Vulnerable to Unauthenticated/Authenticated Remote Code Execution via Newsletter Custom Template Directory

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via the newsletter custom template directory feature. On a fresh install before the setup wizard is completed, all management endpoints are completely...

9.3CVSS6.5AI score0.00434EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 2:17 p.m.20 views

CVE-2026-41065

Tautulli versions prior to 2.17.1 are vulnerable to unauthenticated/authenticated remote code execution via the newsletter custom template directory feature. On a fresh install (before setup wizard completion) or on an installed system with credentials, an attacker can create a newsletter agent a...

9.3CVSS6.5AI score0.00434EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 10:16 p.m.25 views

CVE-2026-44307

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS0.00609EPSS
Exploits1References4
OSV
OSV
added 2026/05/12 10:16 p.m.14 views

UBUNTU-CVE-2026-44307

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS5.8AI score0.00609EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2026/05/12 9:53 p.m.19 views

CVE-2026-44307

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS5.8AI score0.00609EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/05/12 9:53 p.m.8 views

CVE-2026-44307 Mako: Path traversal via backslash URI on Windows in TemplateLookup

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS5.8AI score0.00609EPSS
Exploits1References4
CVE
CVE
added 2026/05/12 9:53 p.m.26 views

CVE-2026-44307

CVE-2026-44307 describes a Windows-specific path traversal in the Mako template library prior to 1.3.12. A URI using backslash traversal (for example, \..\..\secret.txt) bypasses the directory traversal check in Template.__init__ and the posixpath-based normalization in TemplateLookup.get_templat...

8.7CVSS5.8AI score0.00609EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/12 9:53 p.m.45 views

CVE-2026-44307 Mako: Path traversal via backslash URI on Windows in TemplateLookup

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS0.00609EPSS
Exploits1References4
OSV
OSV
added 2026/05/12 9:53 p.m.2 views

CVE-2026-44307 Mako: Path traversal via backslash URI on Windows in TemplateLookup

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS6AI score0.00609EPSS
Exploits1References6
OSV
OSV
added 2026/05/06 9:45 p.m.10 views

GHSA-2H4P-VJRC-8XPQ Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup

Summary On Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the configured template directory. Details The root cause is a...

8.7CVSS5.8AI score0.00609EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2026/04/25 1:35 a.m.6 views

SUSE CVE-2026-41205

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...

7.5CVSS5.3AI score0.00361EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/04/24 12:0 a.m.5 views

CVE-2026-41205

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...

8.7CVSS5.8AI score0.00361EPSS
Exploits0References3
OSV
OSV
added 2026/04/24 12:0 a.m.4 views

UBUNTU-CVE-2026-41205

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...

8.7CVSS5.8AI score0.00361EPSS
Exploits0References4
NVD
NVD
added 2026/04/23 7:17 p.m.10 views

CVE-2026-41205

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...

8.7CVSS0.00361EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/23 6:52 p.m.17 views

EUVD-2026-25279

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/23 6:52 p.m.14 views

CVE-2026-41205

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...

8.7CVSS5.3AI score0.00361EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-41205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g.,...

8.7CVSS5.8AI score0.00361EPSS
Exploits0References3
Rows per page
Query Builder