54701 matches found
GHSA-83PF-V6QQ-PWMR Fickling has a detection bypass via stdlib network-protocol constructors
Our assessment imtplib, imaplib, ftplib, poplib, telnetlib, and nntplib were added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/6d20564d23acf14b42ec883908aed159be7b9ade. The UnusedVariables heuristic works as expected. Original report Summary Fickling's checksafety...
CVE-2025-15582
A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the argument ID results in authorization bypass. Remote exploitation of the attack is possible. The...
CLSA-2026-1771597605 Fix CVE(s): CVE-2025-15367
SECURITY UPDATE: defect in poplib module, when passed a user-controlled command, commands can be injected using newlines - debian/patches/CVE-2025-15367.patch: Fix command injection by rejecting commands containing control characters - CVE-2025-15367...
AZL-78278 CVE-2026-21620 affecting package erlang 25.3.2.21-4
Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...
CVE-2026-21620
Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...
DEBIAN-CVE-2026-21620
Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...
CVE-2026-21620
Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...
CVE-2026-21620
CVE-2026-21620 describes a Relative Path Traversal in Erlang/OTP’s tftp_file modules within otp inets and tftp components. Affected are OTP releases including 17.0 and later, with specific older ranges: OTP from 5.10 before 7.0 and OTP from 1.0 (per the entry). The vulnerability is tied to the pr...
EEF-CVE-2026-21620 TFTP Path Traversal
Summary Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...
CVE-2026-21620
Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...
CVE-2026-2825
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2026-2825 rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2026-2825 rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2026-2825
CVE-2026-2825 affects WeRSS we-mp-rss up to 1.4.8, specifically the Article Module’s tools/fix.py fix_html function. The vulnerability enables cross-site scripting (XSS) via manipulated input, with remote initiation possible. The exploit has been disclosed publicly. The provided documents do not ...
CVE-2026-2825
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2026-2821
CVE-2026-2821 affects Fujian Smart Integrated Management Platform System up to version 7.5. An issue in the /Module/CRXT/Controller/XCamera.ashx handler allows altering the ChannelName argument to trigger a SQL injection. This enables remote exploitation with no authentication required and has pu...
CVE-2026-2819
A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely...
CVE-2026-2819
A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely...
CVE-2026-2819
The CVE concerns Dromara RuoYi-Vue-Plus (up to 5.5.3) with a flaw in the Workflow Module’s SaServletFilter handling the endpoint /workflow/instance/deleteByInstanceIds. The root cause is missing authorization, enabling a remote attacker to manipulate workflow instances. The description states the...
CVE-2026-27181
MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr'mode' from $REQUEST and assigns it to $this-mode at the start of execution, making all mode-gated code paths reachable without...