PYSEC-2026-68

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...

CVE-2018-10429

Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php...

CVE-2023-34235

Strapi is an open-source headless content management system. Prior to version 4.10.8, it is possible to leak private fields if one is using the tnumber prefix. Knex query allows users to change the default prefix. For example, if someone changes the prefix to be the same as it was before or to...

RHEL 9 : Red Hat OpenStack Platform 17.0 (python-werkzeug) (RHSA-2023:1018)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1018 advisory. Werkzeug ======== Werkzeug started as simple collection of various utilities for WSGI applications and has become one of the most advanced...

cpCommerce 1.2.x File Inclusion

!/usr/bin/perl cpCommerce 1.2.x GLOBALSprefix Arbitrary File Inclusion Exploit by staker mail: stakerathotmaildotit url: http://cpcommerce.cpradio.org it works with registerglobals=on if you wanna carry out a LFI - mq=off short explanation: cpCommerce contains one flaw that allows an attacker to...