Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Ironic vulnerabilities (USN-8421-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8421-1 advisory. Dmitry Tantsur and Tuomo Tanskanen discovered that Ironic did not properly validate file paths when handling ISO images. ...
USN-8421-1 ironic vulnerabilities
Dmitry Tantsur and Tuomo Tanskanen discovered that Ironic did not properly validate file paths when handling ISO images. A privileged authenticated remote user could use this issue to perform path traversal via a crafted ISO image and overwrite arbitrary files on the Ironic conductor...
CVE-2026-38432
ERPNext v15.103.1 and earlier is vulnerable to Cross Site Scripting (XSS) in the Email Template engine. Affected component: Email Template engine. Root cause: an attacker with permission to create or edit email templates can inject malicious JavaScript that executes in the victim’s browser when t...
CVE-2026-1206
The CVE-2026-1206 entry concerns the Elementor Website Builder plugin for WordPress. Affected versions are all up to and including 3.35.7. The vulnerability arises from a logic error in is_allowed_to_read_template() that mishandles the permission check for template access, causing non-published t...
GO-2026-4678 Unauthorized access to Argo Workflows Template in github.com/argoproj/argo-workflows
Unauthorized access to Argo Workflows Template in github.com/argoproj/argo-workflows...
EUVD-2026-10026
An authenticated Zabbix user holding the User role with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...
CVE-2026-24046 Backstage has a Possible Symlink Path Traversal in Scaffolder Actions
Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to read arbitrary files vi...
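The Ironic entry (USN-8421-1, unvalidated file paths from an ISO image) and the Backstage entry (CVE-2026-24046, symlink-based path traversal in archive extraction) are two faces of one bug class: an untrusted path or archive member is written to disk without checking that it still resolves under the intended root. The Python below is an added example, not code from Ironic, Backstage or any other project on this page. The function names (contained_path, safe_extract, build_archive, run_demo), the in-memory archives and the path strings are my own constructions, and it assumes a POSIX filesystem where symlinks can be created.

```python
"""Path-containment checks for untrusted paths and tar members. Added example,
not code from Ironic, Backstage or any project listed above; names are my own,
inputs are constructed, and a POSIX filesystem with symlinks is assumed."""
import io
import os
import tarfile
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """An untrusted path would resolve outside the allowed root."""


def contained_path(root: Path, untrusted: str) -> Path:
    """Return root/untrusted if it stays inside root, else raise.
    resolve() follows symlinks already on disk, so a path that walks
    through a planted link pointing out of root is rejected as well."""
    if os.path.isabs(untrusted):
        raise PathEscapeError(f"absolute path not allowed: {untrusted!r}")
    root = root.resolve()
    candidate = (root / untrusted).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathEscapeError(f"{untrusted!r} escapes {root}") from None
    return candidate


def safe_extract(data: bytes, dest: Path) -> list[str]:
    """Extract a tar under dest, refusing members (and symlink targets) that
    escape it, so no link can be planted for a later member to write through."""
    extracted = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for member in tar:
            target = contained_path(dest, member.name)
            if member.isdir():
                target.mkdir(parents=True, exist_ok=True)
            elif member.isfile():
                target.parent.mkdir(parents=True, exist_ok=True)
                with tar.extractfile(member) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            elif member.issym():
                # A relative link target is interpreted from the link's directory.
                link_dir = os.path.dirname(member.name)
                contained_path(dest, os.path.join(link_dir, member.linkname))
                target.parent.mkdir(parents=True, exist_ok=True)
                os.symlink(member.linkname, target)
            else:  # hard links, devices, FIFOs: never needed for an image tree
                raise PathEscapeError(f"unsupported member type: {member.name!r}")
            extracted.append(member.name)
    return extracted


def build_archive(members) -> bytes:
    """In-memory tar from (name, kind, value) tuples; kind is 'dir', 'file' or 'symlink'."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, value in members:
            info = tarfile.TarInfo(name)
            if kind == "dir":
                info.type = tarfile.DIRTYPE
            elif kind == "file":
                info.size = len(value)
            else:
                info.type = tarfile.SYMTYPE
                info.linkname = value
            tar.addfile(info, io.BytesIO(value) if kind == "file" else None)
    return buf.getvalue()


def _verdict(action) -> str:
    try:
        action()
        return "accepted"
    except PathEscapeError:
        return "rejected"


def run_demo() -> dict:
    """Run constructed benign and hostile inputs through the checks; return verdicts."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        dest, outside = Path(tmp) / "images", Path(tmp) / "outside"
        dest.mkdir()
        outside.mkdir()
        os.symlink(outside, dest / "escape")  # a link already planted inside dest
        # Plain path strings, as an ISO or an API request might supply them.
        for label, raw in (("path_ok", "iso/boot.img"), ("path_dotdot", "../../etc/passwd"),
                           ("path_abs", "/etc/passwd"), ("path_via_link", "escape/x")):
            results[label] = _verdict(lambda: contained_path(dest, raw))
        benign = build_archive([("docs", "dir", None),
                                ("docs/readme.txt", "file", b"hello"),
                                ("docs/alias", "symlink", "readme.txt")])
        results["tar_benign"] = safe_extract(benign, dest)
        results["alias_content"] = (dest / "docs" / "alias").read_text()
        results["tar_dotdot"] = _verdict(lambda: safe_extract(
            build_archive([("../pwned.txt", "file", b"x")]), dest))
        # The classic two-step: plant a symlink out of dest, then write through it.
        results["tar_link_then_write"] = _verdict(lambda: safe_extract(
            build_archive([("link", "symlink", str(outside)),
                           ("link/pwned.txt", "file", b"x")]), dest))
        results["outside_untouched"] = sorted(p.name for p in outside.iterdir())
    return results
```

The check that matters is the one on the resolved path, not on the raw string: a `..` filter alone misses the case where a symlink already on disk (here `escape`) redirects an innocent-looking relative path out of the root, and a check on the member name alone misses a symlink member whose target escapes. Checking the link target from the link's own directory is what stops the plant-then-write sequence. Newer Python releases offer `tarfile`'s `data` extraction filter for the tar case; the explicit version above shows what such a filter has to do.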
CVE-2025-67171
Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal...
EUVD-2018-11751
Malware in sbrugna...
EUVD-2023-2663
Malicious code in bioql PyPI...
EUVD-2024-3523
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-3501
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Article template contents with sensitive data could be accessed from agents without permissions. CVE-2022-3501 Note that Nessus relies on the presence of the...
CVE-2023-1910
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the getremotetemplates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level...
CVE-2019-8134
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the database when accessing email template variables...
foreman: Read-only access to entire DB from templates
A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions...
PT-2024-24257
Name of the Vulnerable Software and Affected Versions: Goahead versions = 6.0.0. Description: This issue involves two Use After Free (UAF) and one Double Free vulnerabilities. These vulnerabilities are caused by JST values not being nulled when freed during parsing of JST templates. If the ME GOAHEAD...
CVE-2023-2086
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templatecount function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While ...
CVE-2023-2085
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a...
CVE-2023-1910 Getwid – Gutenberg Blocks <= 1.8.3 - Improper Authorization via get_remote_templates REST endpoint
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the getremotetemplates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level...