Gotenberg has path traversal in zip entry name via Windows-style separators in upload filename

Summary filepath.Base on the Linux container does not strip backslashes , because \ is only a path separator on Windows. A multipart filename like ........\Windows\System32\evil.pdf survives Gotenberg's input sanitisation and lands verbatim as the zip entry name when a multi-output route...

PT-2026-45008

Summary filepath.Base on the Linux container does not strip backslashes , because is only a path separator on Windows. A multipart filename like ........WindowsSystem32evil.pdf survives Gotenberg's input sanitisation and lands verbatim as the zip entry name when a multi-output route returns its...

CVE-2026-44897

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...

EUVD-2026-31993

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math $...$ and block math $$...$$ by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is...

Twig: The `spaceless` filter implicitly marks its output as safe

Description The spaceless filter is registered with issafe = 'html', which means Twig's autoescaper does not escape its output in an HTML context. As a result, applying spaceless to attacker-controlled input that contains markup emits the markup unescaped even when the developer never wrote |raw...

Arcane Backend: OS Command Injection in Volume Browser ListDirectory via path query parameter

Summary GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitiser blocks ../ traversal but does not strip Bourne-shell metacharacters such as $ or backticks, and...

CVE-2026-41691

Copilot said: i18nextify is a JavaScript library that adds i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 3.0.5 interpolate the lng and ns values directly into the configured loadPath / addPath URL templat...

EUVD-2026-28438

Copilot said: i18nextify is a JavaScript library that adds i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 3.0.5 interpolate the lng and ns values directly into the configured loadPath / addPath URL templat...

EUVD-2026-28346

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code and subsequently OS commands on the docker container via Server-Side Template Injection SSTI for user-created transformations...

CVE-2026-33587

CVE-2026-33587 affects Open Notebook v1.8.3 and is due to lack of user input sanitisation enabling Server-Side Template Injection (SSTI). This allows an application user to run Python code within the server context and, consequently, execute OS commands inside the Docker container for user-create...

PT-2026-38418

Name of the Vulnerable Software and Affected Versions Open Notebook version 1.8.3 Description Insufficient user input sanitization allows an application user to perform Server-Side Template Injection SSTI, a flaw where an attacker can inject malicious templates into a server-side engine. This...

django-mdeditor is Missing Authentication for Critical Function

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...

GHSA-QP2C-XQV6-PHH6 django-mdeditor is Missing Authentication for Critical Function

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...

CVE-2025-13030

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...

CVE-2025-13030

CVE-2025-13030 affects the django-mdeditor package. All versions are vulnerable to Missing Authentication for Critical Function in the image upload endpoint, allowing an attacker to upload malicious files and achieve arbitrary code execution due to lack of authentication and improper sanitisation...

PT-2026-36039

Name of the Vulnerable Software and Affected Versions django-mdeditor affected versions not specified Description The image upload endpoint lacks authentication protection and proper sanitization of file names. This allows an attacker to upload malicious files and achieve arbitrary code execution...

CVE-2026-39341 SQL injection in ChurchCRM.0

ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...

GHSA-VVXM-VXMR-624H Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Summary An unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including the server's absolute DATADIR path — is returned verbatim in the HTTP 400 response body, confirming information...

CVE-2026-2466

The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

PT-2026-27516

Name of the Vulnerable Software and Affected Versions ActiveMatrix BusinessWorks and Enterprise Administrator affected versions not specified Description The software contains injection flaws stemming from inadequate validation or sanitization of user-provided input. This can lead to the disclosu...