Lucene search

74 matches found

NVD
added 2026/05/27 8:16 p.m. · 9 views

CVE-2026-8362

A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome...

9.8 CVSS · 0.00056 EPSS
Exploits: 0 · References: 1
AstraLinux
added 2026/05/03 11:59 p.m. · 2 views

Astra Linux - vulnerability in python3.11, python3.7

A vulnerability has been identified in the CPython venv module and CLI. This vulnerability arises from improper quoting of path names when creating a virtual environment. As a result, attackers can inject commands into the virtual environment “activation” scripts e.g., using “source...

7.8 CVSS · 6.7 AI score · 0.00061 EPSS
Exploits: 0 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2014-3655

Malware in sbrugna...

5 CVSS · 6.1 AI score · 0.00603 EPSS
Exploits: 0 · References: 6
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-28380

Malicious code in bioql PyPI...

6.1 CVSS · 6.6 AI score · 0.00095 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/08/30 6:21 p.m. · 1 views

CVE-2025-50978

In Gitblit v1.7.1, a reflected cross-site scripting (XSS) vulnerability exists in the way repository path names are handled. By injecting a specially crafted path payload, an attacker can cause arbitrary JavaScript to execute when a victim views the manipulated URL. This flaw stems from insufficient...

6.1 CVSS · 6 AI score · 0.00095 EPSS
Exploits: 1 · References: 1
OSV
added 2025/08/27 4:15 p.m. · 1 views

CVE-2025-50978

In Gitblit v1.7.1, a reflected cross-site scripting (XSS) vulnerability exists in the way repository path names are handled. By injecting a specially crafted path payload, an attacker can cause arbitrary JavaScript to execute when a victim views the manipulated URL. This flaw stems from insufficient...

6.1 CVSS · 6 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2025/08/27 12:0 a.m. · 1 views

PT-2025-34880 · Gitblit · Gitblit

Name of the Vulnerable Software and Affected Versions: Gitblit version 1.7.1. Description: Gitblit version 1.7.1 contains a reflected cross-site scripting (XSS) flaw due to insufficient input sanitization of filename elements when handling repository path names. An attacker can inject a crafted path...

6.1 CVSS · 5.7 AI score · 0.00095 EPSS
Exploits: 1 · References: 4
Cvelist
added 2025/08/27 12:0 a.m. · 4 views

CVE-2025-50978

In Gitblit v1.7.1, a reflected cross-site scripting (XSS) vulnerability exists in the way repository path names are handled. By injecting a specially crafted path payload, an attacker can cause arbitrary JavaScript to execute when a victim views the manipulated URL. This flaw stems from insufficient...

0.00095 EPSS
Exploits: 1 · References: 1
CVE
added 2025/08/27 12:0 a.m. · 9 views

CVE-2025-50978

Gitblit v1.7.1 is affected by a reflected XSS in repository path handling caused by insufficient input sanitization of filename elements. An attacker can inject a crafted path payload to execute arbitrary JavaScript when a victim views the manipulated URL. The available connected sources confirm ...

6.1 CVSS · 5.5 AI score · 0.00095 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2025/08/27 12:0 a.m. · 1 views

CVE-2025-50978

In Gitblit v1.7.1, a reflected cross-site scripting (XSS) vulnerability exists in the way repository path names are handled. By injecting a specially crafted path payload, an attacker can cause arbitrary JavaScript to execute when a victim views the manipulated URL. This flaw stems from insufficient...

5.9 AI score · 0.00095 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 3:8 a.m. · 2 views

CVE-2023-2117

The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the getsubdirs ajax action, allowing high-privileged users such as admins to inspect names of files and directories outside of the site's root...

2.7 CVSS · 6.5 AI score · 0.00488 EPSS
Exploits: 2 · References: 1
OSV
added 2025/01/10 10:4 a.m. · 2 views

CLSA-2025-1736503464 python3.9: Fix of CVE-2024-9287

CVE-2024-9287: Fix improperly quoting path names in virtual environment creation to prevent command injection in activation scripts...

7.8 CVSS · 6.8 AI score · 0.00061 EPSS
Exploits: 0 · References: 1
OSV
added 2025/01/09 3:36 p.m. · 9 views

SUSE-SU-2025:0048-1 Security update for python312

This update for python312 fixes the following issues: - Properly quote path names provided when creating a virtual environment bsc1232241, CVE-2024-9287...

7.8 CVSS · 6.4 AI score · 0.00061 EPSS
Exploits: 0 · References: 3
OSV
added 2024/12/13 12:39 p.m. · 26 views

BIT-PYTHON-2024-9287 Virtual environment (venv) activation scripts don't quote paths

A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (i.e. "source venv/bin/activate"). This means that...

7.8 CVSS · 7.2 AI score · 0.00061 EPSS
Exploits: 0 · References: 13
Ubuntu
added 2024/11/19 1:22 p.m. · 251 views

USN-7116-1: Python vulnerability

It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated...

7.8 CVSS · 7.6 AI score · 0.00061 EPSS
Exploits: 0
CNNVD
added 2024/11/14 12:0 a.m. · 2 views

WordPress plugin DigiPass path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

7.5 CVSS · 8.2 AI score · 0.01288 EPSS
Exploits: 0 · References: 2
SUSE Linux
added 2024/11/08 3:25 p.m. · 0 views

Security update for python312

This update for python312 fixes the following issues: CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment bsc1232241. Bug fixes: Drop .pyc files from docdir for reproducible builds bsc1230906. Patch Instructions: To install this SUSE update use the SUSE recommended...

6.5 CVSS · 7.5 AI score · 0.00061 EPSS
Exploits: 0 · References: 6
OSV
added 2024/11/08 3:25 p.m. · 14 views

SUSE-SU-2024:3959-1 Security update for python312

This update for python312 fixes the following issues: - CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment bsc1232241. Bug fixes: - Drop .pyc files from docdir for reproducible builds bsc1230906...

7.8 CVSS · 6.4 AI score · 0.00061 EPSS
Exploits: 0 · References: 4
SUSE Linux
added 2024/11/08 3:25 p.m. · 0 views

Security update for python311

This update for python311 fixes the following issues: CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment bsc1232241. Bug fixes: Drop .pyc files from docdir for reproducible builds bsc1230906. Patch Instructions: To install this SUSE update use the SUSE recommended...

6.5 CVSS · 7.5 AI score · 0.00061 EPSS
Exploits: 0 · References: 6
SUSE Linux
added 2024/11/07 4:24 p.m. · 3 views

Security update for python39

This update for python39 fixes the following issues: CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment bsc1232241. Bug fixes: Drop .pyc files from docdir for reproducible builds bsc1230906. Patch Instructions: To install this SUSE update use the SUSE recommended...

6.5 CVSS · 7.5 AI score · 0.00061 EPSS
Exploits: 0 · References: 6