18 matches found
Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.
Summary: Maximo AI Service uses path-to-regexp-0.1.12.tgz, mlflow-3.9.0rc0-py3-none-any.whl, lodash-4.17.23.tgz, tomcat-embed-core-10.1.53.jar, spring-security-config-6.5.9.jar, Mako-1.3.8-py3-none-any.whl, uuid-11.1.0.tgz, spring-boot-3.5.13.jar, mako-1.3.11-py3-none-any.whl and...
mako path traversal vulnerability
Mako is an open-source template library written in Python by SQLAlchemy. It offers a familiar non-XML syntax, which can be compiled into Python modules for optimal performance. Prior to Mako 1.3.12, there was a path traversal vulnerability. This vulnerability stemmed from a bypass of directory...
adoc (>=0.1.0 <=0.1.5), adr (>=0.4.0 <=0.4.1) +227 more potentially affected by CVE-2026-44307 via mako (>=1.0.1 <=1.3.11)
mako PYPI version =1.0.1, =0.1.0, =0.4.0, =0.1.0, =1.0.4, =0.0.1, =0.7.0, =1.0.1, =0.1.2, =0.1.0, =0.3.24, =0.1.0, =0.1.1, =0.1.6 and more Source cves: CVE-2026-44307 Source advisory: SNYK:PYTHON-MAKO-16439021...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Mako vulnerability (USN-8234-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8234-1 advisory. It was discovered that Mako incorrectly handled URIs with double-slash prefixes in...
USN-8234-1: Mako vulnerability
It was discovered that Mako incorrectly handled URIs with double-slash prefixes in TemplateLookup. A remote attacker could possibly use this issue to obtain sensitive information...
adoc (>=0.1.0 <=0.1.5), adr (>=0.4.0 <=0.4.1) +227 more potentially affected by CVE-2026-41205 via mako (>=1.0.1 <=1.3.10)
mako PYPI version =1.0.1, =0.1.0, =0.4.0, =0.1.0, =1.0.4, =0.0.1, =0.7.0, =1.0.1, =0.1.2, =0.1.0, =0.3.24, =0.1.0, =0.1.1, =0.1.6 and more Source cves: CVE-2026-41205 Source advisory: OSV:PYSEC-2026-88...
adoc (>=0.1.0 <=0.1.5), adr (>=0.4.0 <=0.4.1) +227 more potentially affected by CVE-2026-41205 via mako (>=1.0.1 <=1.3.10)
mako PYPI version =1.0.1, =0.1.0, =0.4.0, =0.1.0, =1.0.4, =0.0.1, =0.7.0, =1.0.1, =0.1.2, =0.1.0, =0.3.24, =0.1.0, =0.1.1, =0.1.6 and more Source cves: CVE-2026-41205 Source advisory: SNYK:PYTHON-MAKO-16098253...
EUVD-2010-0002
Malware in sbrugna...
Alibaba Cloud Linux 3 : 0057: python-mako (ALINUX3-SA-2023:0057)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0057 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-40023: Sqlalchemy mako before 1.2.2 is...
USN-5625-1: Mako vulnerability
It was discovered that Mako incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Mako vulnerability (USN-5625-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5625-1 advisory. It was discovered that Mako incorrectly handled certain regular expressions. An attacker could possibly use this issue to caus...
GHSA-V973-FXGF-6XHP mako is vulnerable to Regular Expression Denial of Service
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin...
adoc (>=0.1.0 <=0.1.5), alembic-viz (=0.1.0) +128 more potentially affected by CVE-2022-40023 via mako (>=1.0.1 <=1.2.1)
mako PYPI version =1.0.1, =0.1.0, =0.1.0, =1.0.4, =0.0.1, =0.1.2, =0.3.24, =0.1.0, =0.1.1, =2016.3.17, =1.3.1, =1.0.2, =1.4.0 - cmc-py-wrapper =0.1.0 - coil =1.2.1 and more Source cves: CVE-2022-40023 Source advisory: OSV:GHSA-V973-FXGF-6XHP...
CVE-2022-40023
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin...
Design/Logic Flaw
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin...
adoc (>=0.1.0 <=0.1.5), alembic-viz (=0.1.0) +128 more potentially affected by CVE-2022-40023 via mako (>=1.0.1 <=1.2.1)
mako PYPI version =1.0.1, =0.1.0, =0.1.0, =1.0.4, =0.0.1, =0.1.2, =0.3.24, =0.1.0, =0.1.1, =2016.3.17, =1.3.1, =1.0.2, =1.4.0 - cmc-py-wrapper =0.1.0 - coil =1.2.1 and more Source cves: CVE-2022-40023 Source advisory: OSV:PYSEC-2022-260...
Ubuntu Update for mako vulnerability USN-996-1
Ubuntu Update for Linux kernel vulnerabilities USN-996-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9961.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for mako vulnerability USN-996-1 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH,...
CVE-2010-2480
Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element...