158 matches found
Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.
Summary Maximo AI Service uses path-to-regexp-0.1.12.tgz, mlflow-3.9.0rc0-py3-none-any.whl, lodash-4.17.23.tgz, tomcat-embed-core-10.1.53.jar, spring-security-config-6.5.9.jar, Mako-1.3.8-py3-none-any.whl, uuid-11.1.0.tgz, spring-boot-3.5.13.jar, mako-1.3.11-py3-none-any.whl and...
CVE-2026-44307 Mako: Path traversal via backslash URI on Windows in TemplateLookup
Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal, e.g. ..\..\secret.txt, bypasses the directory traversal check in Template.__init__ and the posixpath-based normalization in TemplateLookup.get_template, allowing reads of files outside the...
DEBIAN-CVE-2026-39826
If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...
UBUNTU-CVE-2026-42476
Two heap-based out-of-bounds read vulnerabilities in the STL ASCII file parser in Open CASCADE Technology OCCT V800rc5 exist in RWStl_Reader::ReadAscii because buffers returned by Standard_ReadLineBuffer::ReadLine are not length-validated before strncasecmp or direct byte access...
CVE-2026-41205
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template is vulnerable to path traversal when a URI starts with //, e.g. //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...
EUVD-2026-25279
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template is vulnerable to path traversal when a URI starts with //, e.g. //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...
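The two Mako entries above (CVE-2026-44307, backslash traversal on Windows; CVE-2026-41205, a `//` prefix and two slash-stripping routines that disagree) share a root cause: the traversal check and the file loader normalise the URI differently, so an input that looks clean to one is still traversal to the other. The Python below is an added example written for this page, not Mako's code: `weak_resolve` is a constructed model of that mismatch, `safe_resolve` is one way to close it, and the base directories and URIs are invented inputs. `os_name` selects `posixpath` or `ntpath` so the Windows case can be reproduced on any host.

```python
import ntpath
import posixpath

# Constructed model of the two traversal classes in the Mako advisories above.
# Illustrative code written for this page, not Mako's implementation.

_PATHMODS = {"posix": posixpath, "nt": ntpath}


def weak_resolve(base_dir, uri, os_name="posix"):
    """Deliberately weak resolver modelling the bug pattern.

    The checker strips ONE leading slash and normalises with posixpath; the
    loader strips EVERY leading slash and joins with the host's path module.
      - '//../../../secret.txt': the checker sees '/../../../secret.txt', which
        posixpath.normpath collapses to '/secret.txt' (no '..' left), while the
        loader joins '../../../secret.txt' and walks out of base_dir.
      - '..\\..\\secret.txt' on Windows: there is no '/' at all, so the
        posixpath-based checker sees one harmless component, while ntpath
        treats every backslash as a separator.
    """
    pm = _PATHMODS[os_name]
    checked = posixpath.normpath(uri[1:] if uri.startswith("/") else uri)
    if ".." in checked.split("/"):
        raise ValueError("rejected by checker: %r" % uri)
    return pm.normpath(pm.join(base_dir, uri.lstrip("/")))


def safe_resolve(base_dir, uri, os_name="posix"):
    """Hardened resolver: one normalisation, done once, then a containment check."""
    pm = _PATHMODS[os_name]
    # A backslash is a separator on Windows and an odd filename byte elsewhere;
    # neither belongs in a template URI, so reject it instead of normalising it.
    if "\\" in uri or "\0" in uri:
        raise ValueError("illegal character in URI: %r" % uri)
    # Split on the URI separator only. Empty and '.' components are dropped, so
    # the number of leading slashes is irrelevant and '..' cannot hide.
    parts = [p for p in uri.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise ValueError("traversal or empty URI rejected: %r" % uri)
    base = pm.normpath(base_dir)
    candidate = pm.normpath(pm.join(base, *parts))
    # Belt and braces: the resolved path must still sit under base_dir. On a
    # real filesystem, realpath() both values first so symlinks cannot point
    # the check outside the tree.
    if pm.commonpath([base, candidate]) != base:
        raise ValueError("escapes base directory: %r" % uri)
    return candidate


def is_rejected(resolver, base_dir, uri, os_name="posix"):
    """True when the resolver refuses the URI; used to compare the two resolvers."""
    try:
        resolver(base_dir, uri, os_name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Invented inputs: a POSIX template root, a Windows template root, and the
    # two URI shapes named in the advisories plus one benign template path.
    cases = [("/srv/templates", "//../../../secret.txt", "posix"),
             ("C:\\srv\\templates", "..\\..\\secret.txt", "nt"),
             ("/srv/templates", "pages/index.html", "posix")]
    for resolver in (weak_resolve, safe_resolve):
        print(resolver.__name__)
        for base, uri, osn in cases:
            try:
                print("  %-24r -> %s" % (uri, resolver(base, uri, osn)))
            except ValueError as exc:
                print("  %-24r -> %s" % (uri, exc))
```

Running it shows `weak_resolve` returning `/secret.txt` and `C:\secret.txt` for the two attack URIs while still accepting the benign one, and `safe_resolve` refusing both attack URIs. The fix is not a cleverer regex: it is splitting on the one separator the URI grammar allows, rejecting `..` as a component rather than as a substring, and checking containment on the final path that will actually be opened.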
CVE-2025-14283 BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BlockArt Counter in all versions up to, and including, 2.2.14 due to insufficient input sanitization and outpu...
EUVD-2025-199022
Malicious code in template-lib npm...
MAL-2025-191021 Malicious code in template-lib (npm)
Per-source details. Source: amazon-inspector 0e288aff0b522dd0945eacea1515088bda9c8140d4ae4ad53179f6f343143110 The package template-lib was found to contain malicious code. Source: ghsa-malware 184fda3b914503f8e849b5fa51afd8cea4fd8a88f0b81aeb6b128dac1847fbfa A...
@kitalive/sfdx-plugin (>=0.1.2 <=0.1.3), @salesforce/data (>=0.0.3 <=0.1.8) +4 more potentially affected by unknown CVE via template-lib (=1.1.2)
template-lib NPM version =1.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on template-lib and may be impacted: - @kitalive/sfdx-plugin =0.1.2, =0.0.3, =0.0.3, =51.6.0, =7.94.1, =7.115.1 - sfdx-node =3.1.0 Source cves: unknown CVE Source advisory:...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
EUVD-2021-24765
Malware in sbrugna...
EUVD-2013-5399
Malware in sbrugna...
EUVD-2021-7117
Malicious code in bioql PyPI...
EUVD-2021-7116
Malicious code in bioql PyPI...