CVE-2025-14767

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbmbestseller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-14767

CVE-2025-14767 affects the WordPress plugin WPC Badge Management for WooCommerce (versions ≤ 3.1.6). The vulnerability is a Stored Cross-Site Scripting via the 'text' attribute of the wpcbm_best_seller shortcode, caused by insufficient input sanitization and output escaping. Authenticated attacke...

Evolution CMS 代码注入漏洞

Evolution CMS is an open-source content management system based on PHP, developed by Evolution CMS. Version 3.1.6 of Evolution CMS has a code injection vulnerability. This vulnerability stems from a remote code execution flaw, allowing authenticated users with module creation permissions to execu...

CVE-2026-42276 Onyx: IDOR in /chat/stop-chat-session allows any authenticated user to interrupt other users chat sessions

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/chatsessionid endpoint lets any authenticated user stop any other user's active chat session. The endpoint checks authentication but never verifies the session belongs to the caller. An...

Astra Linux - уязвимость в jinja2

Jinja is an extensible templating engine. Prior to version 3.1.6, there was a flaw in how the Jinja sandbox environment interacted with the |attr filter, allowing an attacker who controls the content of a template to execute arbitrary Python code. To exploit this vulnerability, an attacker needed...

Astra Linux - уязвимость в node-ejs

The ejs also known as Embedded JavaScript templates package version 3.1.6 for Node.js enables server-side template injection in settings view optionsoutputFunctionName. This is parsed as an internal option, and the outputFunctionName option is overwritten with an arbitrary OS command which is...

Astra Linux - уязвимость в libmodbus

It was discovered that libmodbus v3.1.6 contains a heap overflow vulnerability through the modbusmappingfree function...

Security Bulletin: There is a vulnerability in werkzeug-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-27199)

Summary There is a vulnerability in werkzeug-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin...

CVE-2026-27199

Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...

CVE-2026-27199

Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...

CVE-2026-27199

CVE-2026-27199 affects Werkzeug. Versions 3.1.5 and earlier allow Windows device names as filenames when the path includes multiple segments, due to incomplete filtering in the safe_join function used by send_from_directory. When running on Windows, a request ending with a device name can open th...

CVE-2026-27199 Werkzeug safe_join() allows Windows special device names

Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...

CVE-2026-27199 Werkzeug safe_join() allows Windows special device names

Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...

CVE-2025-68022

CVE-2025-68022 corresponds to a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin BlueX for WooCommerce, affected versions up to 3.1.6. Public sources (Patchstack, Red Hat, CVE records) describe an incorrectly configured access control security level that could b...

Exploit for CVE-2026-27199

CVE-2026-27199 PoC: Werkzeug safejoin Windows Device-Name...

PT-2026-21351

Name of the Vulnerable Software and Affected Versions Werkzeug versions 3.1.5 and below Description The safe join function in Werkzeug, a WSGI web application library, improperly handles Windows device names when used as filenames, particularly when preceded by other path segments. Specifically,...

CVE-2026-21345 Substance3D - Stager | Out-of-bounds Read (CWE-125)

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...

CVE-2026-22922

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...

Apache Airflow proxy credentials for various providers might leak in task logs

In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...

GHSA-7C2F-R6GC-H92H Apache Airflow proxy credentials for various providers might leak in task logs

In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...