102 matches found
CVE-2026-4646 Insufficient input validation in GitHub plugin API causes denial of service
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint.. Mattermost Advisory ID:...
Apache CloudStack 安全漏洞
Apache CloudStack is an IaaS cloud computing platform developed by the Apache Foundation in the United States. This platform is primarily used for deploying and managing large-scale virtual machine networks. Versions 4.21.0.0 and 4.22.0.0 of Apache CloudStack contain security vulnerabilities. The...
CVE-2026-41057 AVideo has CORS Origin Reflection Bypass via plugin/API/router.php and allowOrigin(true) that Exposes Authenticated API Responses
WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation fix in commit 986e64aad is incomplete. Two separate code paths still reflect arbitrary Origin headers with credentials allowed for all /api/ endpoints: 1 plugin/API/router.php lines 4-8...
CVE-2026-41057
CVE-2026-41057 affects WWBN AVideo (versions 29.0 and below). The issue arises from two incomplete CORS mitigations: (1) in plugin/API/router.php (lines 4–8) the server unconditionally reflects arbitrary Origin before application code runs, and (2) get.json.php and set.json.php call allowOrigin(t...
GHSA-2VG4-RRX4-QCPQ AVideo: Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.php
Summary The plugin/API/check.ffmpeg.json.php endpoint probes the FFmpeg remote server configuration and returns connectivity status without any authentication. All sibling FFmpeg management endpoints kill.ffmpeg.json.php, list.ffmpeg.json.php, ffmpeg.php require User::isAdmin. Details The entire...
MAL-2026-2451 Malicious code in strapi-plugin-api (npm)
strapi-plugin-api is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. It...
Malicious code in strapi-plugin-api (npm)
strapi-plugin-api is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. It...
PT-2026-7419
Name of the Vulnerable Software and Affected Versions FastGPT versions 4.14.0 through 4.14.5 Description FastGPT, an AI Agent building platform, has an issue where the plugin system can be accessed directly through the API endpoint /api/plugin/xxx without authentication. This affects versions...
CVE-2026-24047
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...
CVE-2026-24047 @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...
CVE-2026-24047
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...
CVE-2026-24047 @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...
CVE-2026-24047
CVE-2026-24047 affects Backstage: @backstage/cli-common relies on resolveSafeChildPath in @backstage/backend-plugin-api, which before v0.1.17 failed to validate symlink chains and dangling symlinks. This allowed path traversal via symlink chains (e.g., link1 → link2 → /outside) and dangling symli...
@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass
Impact The resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is used to prevent path traversal attacks, failed to properly validate symlink chains and dangling symlinks. An attacker could bypass the path validation by: 1. Symlink chains: Creating link1 → link2 → /outsi...
@backstage/backend-app-api (>=0.0.0-nightly-20241221023113 <=1.4.0-next.1), @backstage/backend-defaults (>=0.0.0-nightly-20241120023536 <=0.15.0-next.2) +111 more potentially affected by CVE-2026-24047 via @backstage/backend-plugin-api (>=1.0.1-next.0 <=1.6.0)
@backstage/backend-plugin-api NPM version =1.0.1-next.0, =0.0.0-nightly-20241221023113, =0.0.0-nightly-20241120023536, =0.0.0-nightly-20241120023536, =0.2.0-next.1, =0.0.0-nightly-20241221023113, =0.0.0-nightly-20241121023535, =0.1.26-next.1, =0.0.0-nightly-20250225023230, =0.3.1-next.1,...
PT-2026-3876
Name of the Vulnerable Software and Affected Versions Backstage versions prior to 0.1.17 Description The resolveSafeChildPath utility function in @backstage/backend-plugin-api did not properly validate symlink chains and dangling symlinks, leading to a path traversal issue. An attacker could bypa...
CVE-2022-23944
User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2025-14695 SamuNatsu HaloBot Inter-plugin API index.js html_renderer dynamically-managed code resources
A vulnerability was determined in SamuNatsu HaloBot up to 026b01d4a896d93eaaf9d5163a287dc9f267515b. Affected is the function htmlrenderer of the file plugins/htmlrenderer/index.js of the component Inter-plugin API. Executing manipulation of the argument action can lead to dynamically-managed code...
CVE-2025-14695
This CVE concerns SamuNatsu HaloBot, affecting the Inter-plugin API component. The vulnerability is in plugins/html_renderer/index.js, within the html_renderer function, where manipulation of the action argument can result in dynamically-managed code resources. The issue is exploitable remotely a...
EUVD-2025-203319
A vulnerability was determined in SamuNatsu HaloBot up to 026b01d4a896d93eaaf9d5163a287dc9f267515b. Affected is the function htmlrenderer of the file plugins/htmlrenderer/index.js of the component Inter-plugin API. Executing manipulation of the argument action can lead to dynamically-managed code...