OPENSUSE-SU-2026:20361-1 Security update for osc, obs-scm-bridge

This update for osc, obs-scm-bridge fixes the following issues: Changes in osc: - 1.24.0 - Command-line: - Add '--target-owner' option to 'git-obs repo fork' command - Add '--self' parameter to fix 'no matching parent repo' error message in 'git-obs pr create' - Fix 'osc aggregatepac' for scmsync...

CVE-2026-26009

Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or...

CVE-2026-26009 Catalyst Affected by Remote Code Execution as Root via Containerized Install Script Execution

Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or...

EUVD-2024-49358

Malicious code in bioql PyPI...

CVE-2021-30261

Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

PT-2025-9135 · Pwndoc · Pwndoc

Name of the Vulnerable Software and Affected Versions: PwnDoc versions prior to 1.2.0 Description: The issue concerns the backup restore functionality, which allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template...

CVE-2024-8706

A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is possible to...

CVE-2024-8694

A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is...

JFinalCMS 路径遍历漏洞

JFinalCMS is a content management system by heyewei personal developer. A path traversal vulnerability exists in JFinalCMS version 20240903 and earlier, which stems from the fileName parameter in the file /admin/template/update, which can lead to path traversal...

JFinalCMS 路径遍历漏洞

JFinalCMS is a content management system by heyewei personal developer. A path traversal vulnerability exists in JFinalCMS version 20240903 and earlier, which stems from the fileName parameter in the file /admin/template/update, which can lead to path traversal...

PT-2024-39186 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: JFinalCMS up to 20240903 Description: A vulnerability was found in the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is...

CVE-2023-30264

CLTPHP =6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update...

CLTPHP 代码问题漏洞

CLTPHP is an open source PHP content management system for efficient website building. A security vulnerability exists in CLTPHP 6.0 and earlier versions, which originates from an attacker being able to upload dangerous types of files without restriction via...

CVE-2021-30261

Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

CVE-2020-13961

Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both...