3699 matches found
Eptura Archibus Security Vulnerability
Eptura Archibus is an all-in-one workspace management system platform from Eptura Corporation, USA. A security vulnerability exists in Eptura Archibus version 2024.03.01.109, which stems from a directory traversal in the Run script and Server File components of the Database Update Wizard...
Cross-site Scripting (XSS)
Overview: @questdb/web-console is a QuestDB Web Console. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Web Console component. An attacker can inject and execute arbitrary scripts by submitting crafted input that is not properly sanitized. Details: Cross-site...
CVE-2026-21884 React Router SSR XSS in ScrollRestoration
React Router is a router for React. In @remix-run/react versions prior to 2.17.3 and react-router 7.0.0 through 7.11.0, an XSS vulnerability exists in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript...
CVE-2025-61686 React Router has Path Traversal in File Session Storage
React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage is being used from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an...
CVE-2026-22607 Fickling Blocklist Bypass: cProfile.run()
Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user relies on...
EUVD-2026-1687
Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user relies on...
PT-2026-2226
Name of the Vulnerable Software and Affected Versions: Fickling versions up to and including 0.1.6. Description: Fickling, a Python pickling decompiler and static analyzer, incorrectly classifies pickles utilizing Python's runpy.run_path or runpy.run_module as SUSPICIOUS instead of OVERTLY_MALICIOUS...
PT-2026-2227
Name of the Vulnerable Software and Affected Versions: Fickling versions up to and including 0.1.6. Description: Fickling, a Python pickling decompiler and static analyzer, incorrectly classifies pickles utilizing the cProfile.run function as SUSPICIOUS instead of OVERTLY_MALICIOUS. This...
EUVD-2026-1690
mnl has segmentation fault and invalid memory read in mnl::cbrun...
CVE-2023-49314
Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack...
CVE-2021-33012
Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. If successfully exploited, this vulnerability will...
CVE-2021-28374
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's...
CVE-2021-27609
SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending to SAP without the intended authorization...
Eptura Archibus Directory Traversal
In Eptura Archibus versions before version 2025.01, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. Title: Eptura Archibus Directory Traversal Description: In Eptura Archibus versions before v2025.01, the "Run script" and "Serve...
@buttery/tokens (>=0.1.2 <=0.1.10), @common-stack/frontend-stack-react (>=6.0.6-alpha.23 <=9.0.2-alpha.7) +26 more potentially affected by CVE-2026-22030 via @remix-run/server-runtime (>=2.0.0-pre.0 <=2.17.2)
@remix-run/server-runtime NPM version =2.0.0-pre.0, =0.1.2, =6.0.6-alpha.23, =6.0.6-alpha.28, =0.1.0, =5.6.0, =5.13.0, =5.6.0, =5.6.0, =0.1.36, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.17.2 and more Source cves: CVE-2026-22030 Source advisory: SNYK:JS-REMIXRUNSERVERRUNTIME-14908428...
@buttery/tokens (>=0.1.2 <=0.1.10), @common-stack/frontend-stack-react (>=6.0.6-alpha.23 <=9.0.2-alpha.7) +6 more potentially affected by CVE-2026-21884 via @remix-run/react (>=2.0.0-pre.0 <=2.17.2)
@remix-run/react NPM version =2.0.0-pre.0, =0.1.2, =6.0.6-alpha.23, =0.1.0, =5.6.0, =0.1.36, =2.0.0, =3.0.0, =0.9.84, =0.11.29 Source cves: CVE-2026-21884 Source advisory: SNYK:JS-REMIXRUNREACT-14908292...
@1023-ventures/merope2 (>=0.2.1 <=0.2.9), @1023-ventures/vega-core (>=0.5.0 <=0.6.2) +948 more potentially affected by CVE-2025-68470 via @remix-run/router (>=1.0.0 <=1.23.1-pre-v6.0)
@remix-run/router NPM version =1.0.0, =0.2.1, =0.5.0, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =2.7.0, =0.0.1, =0.1.0, =0.0.0, =23.1.12, =1.0.1, =0.0.6, =0.1.2 and more Source cves: CVE-2025-68470 Source advisory: SNYK:JS-REMIXRUNROUTER-14908287...
@buttery/tokens (>=0.1.2 <=0.1.10), @common-stack/frontend-stack-react (>=6.0.6-alpha.23 <=9.0.2-alpha.7) +18 more potentially affected by CVE-2025-61686 via @remix-run/node (>=2.0.0-pre.0 <=2.17.1)
@remix-run/node NPM version =2.0.0-pre.0, =0.1.2, =6.0.6-alpha.23, =6.0.6-alpha.28, =0.1.0, =5.6.0, =5.13.0, =5.6.0, =5.6.0, =0.1.36, =2.0.0, =2.10.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 and more Source cves: CVE-2025-61686 Source advisory: SNYK:JS-REMIXRUNNODE-14908858...
@b42inc/remix-i18n (=0.0.1), @briandlee/remix-return-navigation (>=1.0.0 <=1.1.0-dev0) +70 more potentially affected by CVE-2025-59057 via @remix-run/react (>=1.15.0 <=2.17.0)
@remix-run/react NPM version =1.15.0, =1.0.0, =0.1.2, =1.0.0, =6.0.6-alpha.23, =0.0.2-alpha.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =0.0.22, =0.0.6, =0.0.1, =5.6.0, =5.28.0 and more Source cves: CVE-2025-59057 Source advisory: SNYK:JS-REMIXRUNREACT-14908290...
@b42inc/remix-i18n (=0.0.1), @briandlee/remix-return-navigation (>=1.0.0 <=1.1.0-dev0) +70 more potentially affected by CVE-2025-59057 via @remix-run/react (>=1.15.0 <=2.17.0)
@remix-run/react NPM version =1.15.0, =1.0.0, =0.1.2, =1.0.0, =6.0.6-alpha.23, =0.0.2-alpha.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =0.0.22, =0.0.6, =0.0.1, =5.6.0, =5.28.0 and more Source cves: CVE-2025-59057 Source advisory: OSV:GHSA-3CGP-3XVW-98X8...