14 matches found
a-mailx (=0.1.0), a-move-files-by-excel (>=0.1.0 <=0.1.1) +4285 more potentially affected by CVE-2026-41066 via lxml (>=3.2.3 <=6.0.4)
lxml PYPI version =3.2.3, =0.1.0, =0.1.0, =0.1.0, =0.9.1, =1.0.2, =0.1.0, =0.3.0, =0.3.5, =0.3.0, =0.3.0, =0.2.5, =0.1.0, =0.0.2, =1.13.4 and more Source cves: CVE-2026-41066 Source advisory: OSV:PYSEC-2026-87...
CVE-2026-27820
zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but...
WordPress plugin New User Approve Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-12324
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's table shortcode attributes in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
TencentOS Server 4: pcs (TSSA-2025:0829)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0829 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2025-61780 Rack has Possible Information Disclosure Vulnerability
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to...
EUVD-2024-36475
Malicious code in bioql PyPI...
OESA-2025-1412 cobbler security update
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...
PT-2024-32600 · Unknown · Averta Depicter Slider
Name of the Vulnerable Software and Affected Versions: Averta Depicter Slider versions prior to 3.2.3. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in Averta Depicter Slider...
google-enterprise-connector-dctm SQL Injection Vulnerability
google-enterprise-connector-dctm is a Google Search Appliance connector for individual developers. A SQL injection vulnerability exists in google-enterprise-connector-dctm 3.2.3 and below, which can be exploited by an attacker to manipulate the parameter username/domain resulting in a sql injecti...
Bosch Video Security Cross-Site Scripting Vulnerability
Bosch Video Security is a video security system from Bosch, Germany. Used to connect to Bosch IP cameras and encoders from around the world, experience instant video playback, full access to your recordings, forensic search of cameras with Bosch video analytics support, and smooth control of PTZ...
PT-2021-5776 · Npm +9 · Node-Tar +9
Name of the Vulnerable Software and Affected Versions: node-tar versions prior to 3.2.3; node-tar versions prior to 4.4.15; node-tar versions prior to 5.0.7; node-tar versions prior to 6.1.2. Description: The issue is related to insufficient symlink protection in the node-tar module for handling tar...
WESEEK GROWI Cross-Site Scripting Vulnerability (CNVD-2019-04901)
WESEEK GROWI is a suite of team collaboration software from WESEEK Japan. A cross-site scripting vulnerability exists in WESEEK GROWI 3.2.3 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary script in a user's web browser...
Futomi MP Form Mail CGI Professional Edition Directory Traversal Vulnerability
Futomi MP Form Mail CGI Professional Edition is a CGI-based form mail software suite from Futomi, Japan, that sends mail to a specified e-mail address. A directory traversal vulnerability exists in Futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier versions. An attacker can exploit this...