12 matches found
Python Liquid path traversal vulnerability
Python Liquid is a Python engine developed by James for processing Liquid templates. Versions of Python Liquid prior to 2.2.0 had a path traversal vulnerability. This vulnerability stemmed from the lack of protection in FileSystemLoader and CachingFileSystemLoader against reading absolute paths,...
Bugsink security vulnerability
Bugsink is an open-source, self-hosted bug tracking software developed by Bugsink. Versions of Bugsink prior to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the event pages did not require events to be issues within URLs, which could allow authenticat...
CVE-2026-33474 Vikunja Affected by DoS via Image Preview Generation
Vikunja is an open-source self-hosted task management platform. Starting in version 1.0.0-rc0 and prior to version 2.2.0, unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. Version...
CVE-2026-33474
The CVE-2026-33474 entry maps to a DoS via image preview generation in Vikunja. The attached advisory details an unbounded image decoding and resizing path during preview creation that can exhaust CPU and memory when handling highly compressed, very large-dimension images. Affected code paths inc...
PT-2025-48034
Formwork is a flat file-based Content Management System (CMS). Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross-site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker-controll...
bumsys SQL injection vulnerability
bumsys (Business Management System) is an open source project by the individual developer unilogies. A SQL injection vulnerability exists in bumsys versions prior to 2.2.0, located in ajaxdata.php...
GHSA-M78R-2X6W-QQJP Mattermost Server is vulnerable to XSS through crafted links
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link...
CVE-2022-28164
The Brocade SANnav application before SANnav 2.2.0 uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords...
PYSEC-2022-11
In Apache Airflow prior to 2.2.0, this CVE applies to a specific case where a user who has "cancreate" permissions on DAG Runs can create DAG Runs for DAGs that they don't have "edit" permissions for...
CVE-2019-15609
The kill-port-process package version 2.2.0 is vulnerable to a Command Injection vulnerability...
CVE-2017-7678
In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script,...
DEBIAN-CVE-2014-9743
Cross-site scripting (XSS) vulnerability in the httpdHtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info...