80 matches found
CVE-2026-8362
A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome...
EUVD-2014-3655
Malware in sbrugna...
EUVD-2025-28380
Malicious code in bioql PyPI...
CVE-2025-50978
In Gitblit v1.7.1, a reflected cross-site scripting XSS vulnerability exists in the way repository path names are handled. By injecting a specially crafted path payload an attacker can cause arbitrary JavaScript to execute when a victim views the manipulated URL. This flaw stems from insufficient...
CVE-2025-50978
In Gitblit v1.7.1, a reflected cross-site scripting XSS vulnerability exists in the way repository path names are handled. By injecting a specially crafted path payload an attacker can cause arbitrary JavaScript to execute when a victim views the manipulated URL. This flaw stems from insufficient...
CVE-2025-50978
Gitblit v1.7.1 is affected by a reflected XSS in repository path handling caused by insufficient input sanitization of filename elements. An attacker can inject a crafted path payload to execute arbitrary JavaScript when a victim views the manipulated URL. The available connected sources confirm ...
CVE-2025-50978
In Gitblit v1.7.1, a reflected cross-site scripting XSS vulnerability exists in the way repository path names are handled. By injecting a specially crafted path payload an attacker can cause arbitrary JavaScript to execute when a victim views the manipulated URL. This flaw stems from insufficient...
CVE-2025-50978
In Gitblit v1.7.1, a reflected cross-site scripting XSS vulnerability exists in the way repository path names are handled. By injecting a specially crafted path payload an attacker can cause arbitrary JavaScript to execute when a victim views the manipulated URL. This flaw stems from insufficient...
PT-2025-34880 · Gitblit · Gitblit
Name of the Vulnerable Software and Affected Versions: Gitblit version 1.7.1 Description: Gitblit version 1.7.1 contains a reflected cross-site scripting XSS flaw due to insufficient input sanitization of filename elements when handling repository path names. An attacker can inject a crafted path...
Astra Linux – Vulnerability in Python 3.11
A vulnerability has been identified in the CPython venv module and CLI. This vulnerability arises from improper quoting of path names when creating a virtual environment. As a result, attackers can inject commands into the virtual environment “activation” scripts e.g., using “source...
CVE-2023-2117
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the getsubdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root...
The vulnerability of the Ivanti EPM endpoint management software lies in the improper restriction of path names in the catalog, which allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Ivanti EPM endpoint management software is related to incorrect restrictions on path names in the catalog. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
CLSA-2025-1736503464 python3.9: Fix of CVE-2024-9287
CVE-2024-9287: Fix improperly quoting path names in virtual environment creation to prevent command injection in activation scripts...
SUSE-SU-2025:0048-1 Security update for python312
This update for python312 fixes the following issues: - Properly quote path names provided when creating a virtual environment bsc1232241, CVE-2024-9287...
BIT-PYTHON-2024-9287 Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means that...
USN-7116-1: Python vulnerability
It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated...
WordPress plugin DigiPass 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
The vulnerability of the Buildah container management tool arises due to an incorrect path name limitation for the restricted access catalog. This allows a malicious user to elevate their privileges within the system.
The vulnerability of the Buildah container management tool exists due to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability can allow a malicious user to gain increased privileges within the system...
Security update for python312
This update for python312 fixes the following issues: CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment bsc1232241. Bug fixes: Drop .pyc files from docdir for reproducible builds bsc1230906. Patch Instructions: To install this SUSE update use the SUSE recommended...
SUSE-SU-2024:3959-1 Security update for python312
This update for python312 fixes the following issues: - CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment bsc1232241. Bug fixes: - Drop .pyc files from docdir for reproducible builds bsc1230906...