64 matches found

ATTACKERKB
added 2026/03/18 9:42 p.m., 1 view

CVE-2026-32886

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.24 and 8.6.47, remote clients can crash the Parse Server process by calling a cloud function endpoint with a crafted function name that traverses the JavaScript prototype...

CVSS 8.2, AI score 6, EPSS 0.00031
Exploits 0, References 4, Affected Software 1
RedhatCVE
added 2026/01/09 9:51 a.m., 4 views

CVE-2020-10616

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts...

CVSS 8.8, AI score 7.3, EPSS 0.00473
Exploits 0, References 1
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-3068

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.0028
Exploits 0, References 2
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2024-44113

Malicious code in bioql PyPI...

CVSS 7.6, AI score 7.7, EPSS 0.00095
Exploits 1, References 1
OSV
added 2024/11/14 6:15 p.m., 4 views

CVE-2024-5125

parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upo...

CVSS 7.3, AI score 5.6
Exploits 0, References 2
0day.today
added 2024/07/17 12:00 a.m., 782 views

OpenSSH 9.6 Remote Code Execution Exploit

OpenSSH version 9.6, which allows for command injection and remote code execution (RCE). The exploit poses a significant risk to systems running the affected version...

AI score 8.7
Exploits 0
Positive Technologies
added 2024/06/27 12:00 a.m., 2 views

PT-2024-37482

Name of the vulnerable software and affected versions: parisneo/lollms-webui version 9.6. Description: An absolute path traversal issue exists, specifically in the "open file" endpoint of "lollms advanced.py". The sanitize_path function with allow absolute path=True allows an attacker to access...

CVSS 7.5, AI score 6, EPSS 0.11253
Exploits 1, References 4
Cvelist
added 2024/06/23 2:33 p.m., 20 views

CVE-2024-4841 Path Traversal in parisneo/lollms-webui

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'addreferencetolocalmode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders,...

CVSS 4, EPSS 0.08457
Exploits 1, References 1
OSV
added 2024/06/06 7:16 p.m., 9 views

CVE-2024-3429

A path traversal vulnerability exists in the parisneo/lollms application, specifically within the sanitize_path_from_endpoint and sanitize_path functions in lollms_core\lollms\security.py. This vulnerability allows for arbitrary file reading when the application is running on Windows. The issue arises...

CVSS 9.8, AI score 7, EPSS 0.00398
Exploits 1, References 2
CVE
added 2024/06/06 6:44 p.m., 54 views

CVE-2024-3429

Path traversal vulnerability in the parisneo/lollms application affects the lollms_core\lollms\security.py functions sanitize_path_from_endpoint and sanitize_path. Root cause is insufficient sanitization of user input, enabling arbitrary file reading on Windows and potential information disclosur...

CVSS 9.8, AI score 9.4, EPSS 0.00398
Exploits 1, References 2, Affected Software 1
Vulnrichment
added 2024/06/06 6:44 p.m., 8 views

CVE-2024-3429 Path Traversal in parisneo/lollms

A path traversal vulnerability exists in the parisneo/lollms application, specifically within the sanitize_path_from_endpoint and sanitize_path functions in lollms_core\lollms\security.py. This vulnerability allows for arbitrary file reading when the application is running on Windows. The issue arises...

CVSS 9.8, AI score 7, EPSS 0.00398
Exploits 1, References 2
OSV
added 2024/06/02 10:30 p.m., 14 views

GHSA-9P73-X86V-JW57: Path traversal vulnerability identified in parisneo/lollms-webui

A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'listpersonalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the...

CVSS 4, AI score 4.2, EPSS 0.00123
Exploits 1, References 4
NVD
added 2024/05/30 3:15 p.m., 10 views

CVE-2024-4330

A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'listpersonalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the...

CVSS 4, AI score 4.3, EPSS 0.00123
Exploits 1, References 1
OSV
added 2024/05/30 3:15 p.m., 3 views

CVE-2024-4330

A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'listpersonalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the...

CVSS 3.3, AI score 4.1
Exploits 0, References 1
CVE
added 2024/05/26 1:31 p.m., 62 views

CVE-2024-31859

Mattermost CVE-2024-31859 describes an authorization flaw where a member running a playbook in an existing channel can be promoted to channel admin. Affected releases include Mattermost 8.1.x through 8.1.12, 9.5.x through 9.5.3, and 9.6.x through 9.6.1, due to failure to perform proper authorizat...

CVSS 6.3, AI score 4.5, EPSS 0.00109
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2024/05/26 1:31 p.m., 15 views

CVE-2024-31859 Member promoted to channel admin via playbooks run linking to channel

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper authorization checks, which allows a member running a playbook in an existing channel to be promoted to a channel admin...

CVSS 4.3, AI score 6.8, EPSS 0.00109
Exploits 0, References 1
CVE
added 2024/05/26 1:30 p.m., 59 views

CVE-2024-5270

Mattermost vulnerable in multiple tracked versions (8.1.x <= 8.1.12; 9.5.x <= 9.5.3; 9.6.x <= 9.6.1; 9.7.x email switch. Impact: improper access control for authentication method and related data. Mitigation: upgrade to versions later than the listed fixed versions (as documented in PT-2...

CVSS 4.3, AI score 4.8, EPSS 0.00212
Exploits 0, References 1, Affected Software 1
Patchstack
added 2024/05/07 12:00 a.m., 10 views

WordPress Stockholm Theme <= 9.6 is vulnerable to Local File Inclusion

Software: Stockholm Type Theme; Vulnerable versions: <= 9.6; Fixed in: 9.7; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-34551; Patch priority: High; CVSS severity: High 9; Developer: (claim ownership); PSID: ba79b1de262f; Credits: Rafie Muhammad (Patchstack); Required privilege...

CVSS 9.8, AI score 6.8, EPSS 0.00645
Exploits 0, References 1, Affected Software 1
Patchstack
added 2024/05/07 12:00 a.m., 8 views

WordPress Stockholm Theme <= 9.6 is vulnerable to Local File Inclusion

Software: Stockholm Type Theme; Vulnerable versions: <= 9.6; Fixed in: 9.7; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-34552; Patch priority: Low; CVSS severity: Low 8.5; Developer: (claim ownership); PSID: 85b9ed51ce3f; Credits: Rafie Muhammad (Patchstack); Required privilege...

CVSS 8.8, AI score 6.8, EPSS 0.00645
Exploits 0, References 1, Affected Software 1
Github Security Blog
added 2024/04/26 9:30 a.m., 18 views

Mattermost fails to limit the number of active sessions

Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table...

CVSS 6.5, AI score 4.6, EPSS 0.00174
Exploits 0, References 7, Affected Software 1