CVE-2026-27602 Modoboa has an OS Command Injection
Modoboa is a mail hosting and management platform. Prior to version 2.7.1, exec_cmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacte...
CVE-2026-24515
In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...
PT-2026-1404
Name of the Vulnerable Software and Affected Versions: FastDup – Fastest WordPress Migration & Duplicator plugin versions prior to 2.7. Description: The FastDup plugin for WordPress has a path traversal issue affecting versions up to 2.7. Authenticated attackers with Contributor-level access or high...
Kozea CairoSVG code issue vulnerability
Kozea CairoSVG is a Python-based software from the Kozea community that converts SVG files to PDF, EPS, PS and PNG files. A code issue vulnerability exists in Kozea CairoSVG versions prior to 2.7.0, which stems from the fact that Cairo can send requests to an external host when processing SVG...
ALPINE-CVE-2019-9495
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful...
FFmpeg allocate_buffers denial of service vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'allocate_buffers' function in the libavcodec/alac.c file in versions of FFmpeg prior to 2.7.2, which stems from the program's failure to initialize...