121 matches found
CVE-2022-2838
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests...
python-sphinx bug fix and enhancement update
An update is available for python-sphinx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linu...
CVE-2025-23734
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Casey Bisson Gigaom Sphinx go-sphinx allows Reflected XSS.This issue affects Gigaom Sphinx: from n/a through = 0.1...
CVE-2025-23734 WordPress Gigaom Sphinx plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Casey Bisson Gigaom Sphinx go-sphinx allows Reflected XSS.This issue affects Gigaom Sphinx: from n/a through = 0.1...
CVE-2025-23734
CVE-2025-23734 — Reflected XSS in NotFound Gigaom Sphinx WordPress plugin (go-sphinx) up to version 0.1 due to improper input neutralization during web page generation. Impact: potential script execution in victims’ browsers. Affected: Gigaom Sphinx plugin (WordPress). Remediation: upgrade to a v...
CVE-2025-23734 WordPress Gigaom Sphinx plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Casey Bisson Gigaom Sphinx go-sphinx allows Reflected XSS.This issue affects Gigaom Sphinx: from n/a through = 0.1...
WordPress plugin Gigaom Sphinx 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Gigaom Sphinx plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Gigaom Sphinx versions = 0.1...
Security update for python310
This update for python310 fixes the following issues: CVE-2024-11168: improper validation of IPv6 and IPvFuture addresses. bsc1233307 Bug fixes: Remove -IVendor/ from python-config. bsc1231795 Include renaming :noindex: option to :no-index: in Sphinx 7.2. bsc1232750 Patch Instructions: To install...
SUSE-SU-2024:4153-1 Security update for python310
This update for python310 fixes the following issues: - CVE-2024-11168: improper validation of IPv6 and IPvFuture addresses. bsc1233307 Bug fixes: - Remove -IVendor/ from python-config. bsc1231795 - Include renaming :noindex: option to :no-index: in Sphinx 7.2. bsc1232750...
Malicious code in sphinx-rdt-theme (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8397635bb7a7130efa3b0f3b924fbb3b61c66ab82baedef14452ded787f4e00a A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Malicious code in sphinx-rtd-themes (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1933e78b1c1cac28d6c11543982037a14a670072822edf7efeba506a880e47a6 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
MAL-2024-10730 Malicious code in sphinx-rdt-theme (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8397635bb7a7130efa3b0f3b924fbb3b61c66ab82baedef14452ded787f4e00a A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
andeplane-pyodide-kernel (>=0.0.7 <=0.0.12), here-search-demo (>=0.9.0 <=0.9.1) +8 more potentially affected by unknown CVE via jupyterlite-core (>=0.1.2 <=0.4.0rc0)
jupyterlite-core PYPI version =0.1.2, =0.0.7, =0.9.0, =0.0.4, =0.10.0, =0.1.0, =0.9.6, =0.3.0, =0.6.0, =0.6.1 Source cves: unknown CVE Source advisory: OSV:GHSA-GJ55-2XF9-67RQ...
ROS-20240626-12
A vulnerability in the Sphinx search engine is related to a path traversal error. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to the protected information using the CALL SNIPPETS statement or the loadfile function...
Malicious code in sphinx-rtd-theme-cilium (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-6033 Malicious code in sphinx-rtd-theme-cilium (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Oracle Linux 8 : python27:2.7 (ELSA-2024-2987)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2987 advisory. - Fix CVE-2021-20095 Resolves: rhbz1955615 - Fix CVE-2019-6446 - Fix CVE-2014-1858, CVE-2014-1859: 1062009, 1062359 - Security fix for CVE-2022-48560...
django-ndr-core (>=0.8.0 <=0.22.2), nlpboost (=0.0.1) +1 more potentially affected by unknown CVE via readthedocs-sphinx-search (>=0.1.2 <=0.3.1)
readthedocs-sphinx-search PYPI version =0.1.2, =0.8.0, =0.22.2 - nlpboost =0.0.1 - sphinx-godot-theme =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-XGFM-FJX6-62MJ...
GHSA-XGFM-FJX6-62MJ readthedocs-sphinx-search vulnerable to cross-site scripting when including search results from malicious projects
Impact This vulnerability could have allowed an attacker to include arbitrary HTML content in search results by having a user search a malicious project. This was due to our search client not correctly escaping all user content from search results. You can find more information in the advisory...