18 matches found
org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-43997 via org.webjars.npm:vm2 (=3.9.19)
org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...
org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-24118 via org.webjars.npm:vm2 (=3.9.19)
org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...
CVE-2026-1299 affecting package python3 for versions less than 3.9.19-18
CVE-2026-1299 affecting package python3 for versions less than 3.9.19-18. A patched version of the package is available...
AZL-76499 CVE-2026-1703 affecting package python3 3.9.19-19
When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...
org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-22709 via org.webjars.npm:vm2 (=3.9.19)
org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...
AZL-75050 CVE-2025-15367 affecting package python3 3.9.19-19
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...
AZL-71275 CVE-2025-13837 affecting package python3 3.9.19-19
When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues...
AZL-65984 CVE-2025-8194 affecting package python3 for versions less than 3.9.19-15
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...
CVE-2023-45803 affecting package python3 for versions less than 3.9.19-14
CVE-2023-45803 affecting package python3 for versions less than 3.9.19-14. A patched version of the package is available...
BIT-JOOMLA-2020-15695
An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability...
Python DoS Vulnerability (Mar 2024) - Mac OS X
Python is prone to a denial of service (DoS) vulnerability in libexpat. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Python Symlink Dereference Vulnerability (Mar 2024) - Linux
Python is prone to a symlink dereference vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
Python Symlink Dereference Vulnerability (Mar 2024) - Windows
Python is prone to a symlink dereference vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
vm2 Operating System Command Injection Vulnerability
vm2 is an advanced virtual machine/sandbox for Node.js, by individual developer Patrik Simek in the Czech Republic, used to run untrusted code with whitelisted Node built-in modules. An operating system command injection vulnerability exists in vm2 3.9.19 and earlier versions, which stems from a custo...
vm2 Code Injection Vulnerability
vm2 is an advanced virtual machine/sandbox for Node.js, by individual developer Patrik Simek in the Czech Republic, used to run untrusted code with whitelisted Node built-in modules. A code injection vulnerability exists in vm2 3.9.19 and earlier versions, which stems from the ability to bypass handle...
Joomla! 3.0.0 - 3.9.18 Multiple XSS Vulnerabilities
Joomla! is prone to multiple cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla"...
Joomla! Articles - Newsflash and Articles - Categories Modules Cross-Site Scripting Vulnerabilities
Joomla! is an open source, cross-platform content management system (CMS) developed in PHP and MySQL by the U.S. Open Source Matters team. Articles - Newsflash is one of its Flash content extension modules. Articles - Categories is one of its article classification modules. A cross-site...
Joomla! cross-site scripting vulnerability (CNVD-2020-53799)
Joomla! is an open source, cross-platform content management system (CMS) developed in PHP and MySQL by the U.S. Open Source Matters team. A cross-site scripting vulnerability exists in the tagging option of com_modules in versions of Joomla! prior to 3.9.19. The vulnerability stems from...