219 matches found
CVE-2026-24187
creationtimestamp| type| source ---|---|--- 2026-06-11 04:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mnydz7e3co2o 2026-06-11 04:07:09+00:00| seen| https://bsky.app/profile/potato.software/post/3mnydzaulpn2f...
CVE-2026-11306
creationtimestamp| type| source ---|---|--- 2026-06-05 03:01:08+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnj5jnm4ks2s 2026-06-05 03:01:09+00:00| seen| https://bsky.app/profile/potato.software/post/3mnj5jpel2f2s 2026-06-05 13:24:44+00:00| seen|...
CVE-2026-40290
creationtimestamp| type| source ---|---|--- 2026-06-03 19:25:43+00:00| seen| https://bsky.app/profile/potato.software/post/3mnftjm7jzc2i 2026-06-04 02:00:35+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mngjoiq3fh25...
CVE-2026-4081
creationtimestamp| type| source ---|---|--- 2026-06-03 10:18:04+00:00| seen| https://bsky.app/profile/potato.software/post/3mneuvbjsee2f...
CVE-2026-9642
creationtimestamp| type| source ---|---|--- 2026-05-26 22:00:38+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmryk2eogi2k 2026-05-26 22:15:19+00:00| seen| https://bsky.app/profile/potato.software/post/3mmrzeclokg26 2026-05-29 22:07:08+00:00| seen|...
CVE-2026-6690
creationtimestamp| type| source ---|---|--- 2026-05-16 06:32:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mlx7yjc64q2l 2026-05-16 06:32:07+00:00| seen| https://bsky.app/profile/potato.software/post/3mlx7yjq5xq27...
Directory Traversal
Overview potato-annotation is an A flexible, stand-alone, web-based platform for text annotation tasks Affected versions of this package are vulnerable to Directory Traversal via the validatepathsecurity function. An attacker can gain unauthorized access to files outside the intended project...
GHSA-Q9M2-FHV9-3JCF `potato-annotation` has a Project-Boundary Bypass
Summary validatepathsecurity uses string-prefix containment startswith for boundary checks. This allows paths that are outside the intended project directory but share its prefix string e.g., /tmp/potatoprojdemoevil/... vs /tmp/potatoprojdemo to be accepted. Details Affected source location root...
`potato-annotation` has a Project-Boundary Bypass
Summary validatepathsecurity uses string-prefix containment startswith for boundary checks. This allows paths that are outside the intended project directory but share its prefix string e.g., /tmp/potatoprojdemoevil/... vs /tmp/potatoprojdemo to be accepted. Details Affected source location root...
CVE-2026-6229
creationtimestamp| type| source ---|---|--- 2026-05-06 02:33:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3ml5nxwigtp2q 2026-05-06 02:33:09+00:00| seen| https://bsky.app/profile/potato.software/post/3ml5nxwwnu32t...
CVE-2026-27960
creationtimestamp| type| source ---|---|--- 2026-05-05 19:19:06+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3ml4vpud3o42r 2026-05-05 19:21:58+00:00| seen| https://bsky.app/profile/potato.software/post/3ml4vuza7cx2l 2026-05-05 21:58:42+00:00| seen|...
CVE-2026-33318
creationtimestamp| type| source ---|---|--- 2026-04-23 20:22:56+00:00| published-proof-of-concept| https://github.com/actualbudget/actual/security/advisories/GHSA-prp4-2f49-fcgp 2026-04-24 03:56:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mk7n2kb7sz2z 2026-04-24...
CVE-2024-43028
creationtimestamp| type| source ---|---|--- 2026-04-07 09:40:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mivicunecn2a 2026-04-07 10:00:56+00:00| seen| https://bsky.app/profile/potato.software/post/3mivjhz5lhn2n...
CVE-2025-13535
creationtimestamp| type| source ---|---|--- 2026-04-01 22:45:05+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mihrevrgnf2j 2026-04-01 22:45:07+00:00| seen| https://bsky.app/profile/potato.software/post/3mihrewob7j2x...
CVE-2025-15381
creationtimestamp| type| source ---|---|--- 2026-03-27 19:18:40+00:00| published-proof-of-concept| Telegram/1bFqVBg1WZRYib4qCiBn36zcLriGuSpWJXWdU6ZWtzYtM 2026-03-27 19:18:53+00:00| seen| Telegram/aqievDs9oCICHmk4C8wabuGpxUWUtlG5g0Gk9aIz6TfeTOo 2026-03-27 22:15:31+00:00| seen|...
CVE-2026-32191
creationtimestamp| type| source ---|---|--- 2026-03-19 21:23:02+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhgwq6xs252h 2026-03-19 21:23:41+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhgwrf3me42v 2026-03-19 21:23:44+00:00| seen|...
CVE-2019-25482
creationtimestamp| type| source ---|---|--- 2026-03-19 09:00:13+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mhfn7wyonv2q 2026-03-19 09:05:52+00:00| seen| https://bsky.app/profile/potato.software/post/3mhfnk2rzrz2u...
CVE-2026-2992
creationtimestamp| type| source ---|---|--- 2026-03-18 18:42:08+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhe5bkut732u 2026-03-18 19:06:20+00:00| seen| https://bsky.app/profile/potato.software/post/3mhe6mutq2p2w...
CVE-2026-32633
creationtimestamp| type| source ---|---|--- 2026-03-14 14:52:43+00:00| published-proof-of-concept| https://github.com/nicolargo/glances/security/advisories/GHSA-r297-p3v4-wp8m 2026-03-18 18:41:53+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhe5b4zree2h 2026-03-18...
CVE-2026-27278
creationtimestamp| type| source ---|---|--- 2026-03-11 03:00:18+00:00| seen| https://helpx.adobe.com/security/products/acrobat/apsb26-26.html 2026-03-12 13:00:13+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mguheoo3wj2u 2026-03-12 13:22:24+00:00| seen|...