A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a manipulation of the argument templateName results in path traversal. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. Upgrading to version 1.3.3-beta is able to mitigate this issue. The patch is named aefaabfd7527188bfba3c8c9eee17c316d094802. It is recommended to upgrade the affected component. The project was informed beforehand and acted very professional: "We have implemented path validity checks on parameters for the template download interface (...)"

CVE Database V5

Detailed information about CVE-2026-3188: Path Traversal in feiyuchuixue sz-boot-parent affecting feiyuchuixue sz-boot-parent. Get real-time updates, technical 

CVE-2026-3188: Path Traversal in feiyuchuixue sz-boot-parent - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-3188: Path Traversal in feiyuchuixue sz-boot-parent

An arbitrary file upload vulnerability in the subtitle loading function of asbplayer v1.13.0 allows attackers to execute arbitrary code via uploading a crafted subtitle file.

Detailed information about CVE-2025-69771: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-69771: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-69771: n/a

esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability.

Detailed information about CVE-2025-50180: CWE-918: Server-Side Request Forgery (SSRF) in esm-dev esm.sh affecting esm-dev esm.sh. Get real-time updates, techni

CVE-2025-50180: CWE-918: Server-Side Request Forgery (SSRF) in esm-dev esm.sh - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-50180: CWE-918: Server-Side Request Forgery (SSRF) in esm-dev esm.sh

A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /send_transaction. The manipulation results in cross-site request forgery. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit is now public and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".

Detailed information about CVE-2026-3193: Cross-Site Request Forgery in Chia Blockchain affecting Chia Blockchain. Get real-time updates, technical details, and

CVE-2026-3193: Cross-Site Request Forgery in Chia Blockchain - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-3193: Cross-Site Request Forgery in Chia Blockchain

Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network.
This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.

Detailed information about CVE-2026-27849: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Linksys MR9600 a

CVE-2026-27849: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Linksys MR9600 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-27849: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Linksys MR9600

An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.

Detailed information about CVE-2024-24520: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2024-24520: n/a

CVE-2024-24520: n/a

Description

Technical Details

Community Reviews

Related Threats

CVE-2026-3188: Path Traversal in feiyuchuixue sz-boot-parent

CVE-2025-69771: n/a

CVE-2025-50180: CWE-918: Server-Side Request Forgery (SSRF) in esm-dev esm.sh

CVE-2026-3193: Cross-Site Request Forgery in Chia Blockchain

CVE-2026-27849: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Linksys MR9600

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility