2 matches found
Kentico Xperience Cross-Site Scripting Vulnerability
Kentico Xperience is a digital experience platform from Kentico, Inc. A security vulnerability exists in Kentico Xperience versions prior to 13.0.178: allowing the upload of .zip files could result in the creation of files with other extensions...
PYSEC-2025-19
picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pickle file with a non-standard file extension. Because the malicious pickle file inclusion is not...