15 matches found
EUVD-2025-43801
Malicious code in jaja-kue76-miaww npm...
EUVD-2024-43801
Malicious code in bioql PyPI...
CVE-2025-43801
Unchecked input for loop condition vulnerability in XML-RPC in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers...
CVE-2024-43801
creationtimestamp| type| source ---|---|--- 2024-09-02 21:24:25+00:00| seen| https://t.me/cvedetector/4651...
CVE-2024-43801 vulnerabilities
Vulnerabilities for packages: jellyfin...
CVE-2024-43801 vulnerabilities
Vulnerabilities for packages: jellyfin...
CVE-2024-43801 Privilege escalation to admin from a low-privileged user via SVG upload in Jellyfin
Jellyfin is an open source self hosted media server. The Jellyfin user profile image upload accepts SVG files, allowing for a stored XSS attack against an admin user via a specially crafted malicious SVG file. When viewed by an admin outside of the Jellyfin Web UI e.g. via "view image" in a...
CVE-2024-43801 Privilege escalation to admin from a low-privileged user via SVG upload in Jellyfin
Jellyfin is an open source self hosted media server. The Jellyfin user profile image upload accepts SVG files, allowing for a stored XSS attack against an admin user via a specially crafted malicious SVG file. When viewed by an admin outside of the Jellyfin Web UI e.g. via "view image" in a...
CVE-2023-43801 Path traversal in Arduino Create Agent
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...
CVE-2023-43801
CVE-2023-43801 affects the Arduino Create Agent, specifically the endpoint /v2/pkgs/tools/installed. A user able to make HTTP requests to the localhost interface or bypass CORS can delete arbitrary files/folders owned by the Arduino Create Agent’s running user via a crafted HTTP DELETE request. R...
CVE-2022-43801
To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used...
CVE-2021-43801
creationtimestamp| type| source ---|---|--- 2021-12-13 22:12:24+00:00| seen| https://t.me/cibsecurity/33886...
CVE-2021-43801
Mercurius (GraphQL adapter for Fastify) versions 8.10.0–8.11.1 are vulnerable to a denial-of-service caused by sending a malformed JSON to /graphql. The issue is fixed in v8.11.2 (pull 678); a workaround is to use a custom error handler. No exploitation details are provided in the available docum...
CVE-2021-43801 Uncaught Exception in mercurius
Mercurius is a GraphQL adapter for Fastify. Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. The vulnerability has been fixed in...
CVE-2022-43801
CVE-2022-43801 entry is rejected/not used per the initial description.