Lucene search
K

41 matches found

Github Security Blog
Github Security Blog
added 2026/03/25 8:0 p.m.6 views

Sharp has Unrestricted File Upload via Client-Controlled Validation Rules

Summary The code16/sharp Laravel admin panel package contains a vulnerability in its file upload endpoint that allows authenticated users to bypass all file type restrictions. Details The upload endpoint within the ApiFormUploadController accepts a client-controlled validationrule parameter. This...

8.8CVSS6.1AI score0.00507EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/02/09 10:16 p.m.7 views

CVE-2026-25875

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The admin authorization middleware trusts client-controlled JWT claims role and scope without enforcing server-side role verification...

9.8CVSS0.00288EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.6 views

PlaciPy 安全漏洞

PlaciPy is an open-source employment management system developed by Praskla Technology. It aims to simplify the employment processes for students, trainers, and administrators in educational institutions. Version 1.0.0 of PlaciPy contains a security vulnerability. This vulnerability stems from th...

9.8CVSS5.8AI score0.00288EPSS
Exploits0References1
Snyk
Snyk
added 2025/12/15 7:37 p.m.2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a client-controlled flag in the captcha verification. An attacker can bypass authentication mechanisms by manipulating the flag value during the verification process. Remediation...

8.7CVSS7AI score0.0039EPSS
Exploits0References3
OSV
OSV
added 2025/12/15 7:37 p.m.6 views

GO-2025-4209 1Panel – CAPTCHA Bypass via Client-Controlled Flag in github.com/1Panel-dev/1Panel

1Panel – CAPTCHA Bypass via Client-Controlled Flag in github.com/1Panel-dev/1Panel...

7.5CVSS6.9AI score0.0039EPSS
Exploits0References4
NVD
NVD
added 2025/12/09 4:18 p.m.6 views

CVE-2025-66507

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...

7.5CVSS0.0039EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/09 1:25 a.m.5 views

EUVD-2025-201793

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...

7.5CVSS6.4AI score0.0039EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/09 1:25 a.m.28 views

CVE-2025-66507 1Panel – CAPTCHA Bypass via Client-Controlled Flag

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...

7.5CVSS0.0039EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/12/08 5:56 p.m.16 views

1Panel – CAPTCHA Bypass via Client-Controlled Flag

Summary A CAPTCHA bypass vulnerability in the 1Panel authentication API allows an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections could be bypassed,...

7.5CVSS7.2AI score0.0039EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2025/12/08 5:56 p.m.3 views

GHSA-QMG5-V42X-QQHQ 1Panel – CAPTCHA Bypass via Client-Controlled Flag

Summary A CAPTCHA bypass vulnerability in the 1Panel authentication API allows an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections could be bypassed,...

7.5CVSS7.1AI score0.0039EPSS
Exploits0References5
GitLab Advisory Database
GitLab Advisory Database
added 2025/12/08 12:0 a.m.6 views

1Panel – CAPTCHA Bypass via Client-Controlled Flag

A CAPTCHA bypass vulnerability in the 1Panel authentication API allows an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections could be bypassed, enabling...

7.5CVSS7.2AI score0.0039EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/12/08 12:0 a.m.8 views

1Panel – CAPTCHA Bypass via Client-Controlled Flag

A CAPTCHA bypass vulnerability in the 1Panel authentication API allows an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections could be bypassed, enabling...

7.5CVSS7.2AI score0.0039EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-4334

Malware in sbrugna...

7.5CVSS6.1AI score0.06349EPSS
Exploits0References11
OSV
OSV
added 2025/09/30 11:37 a.m.3 views

CVE-2025-7063

Due to client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution. This issue affects all 3 templates: www, b...

9.8CVSS5.9AI score0.00583EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/30 10:5 a.m.7 views

CVE-2025-8120 Remote Code Execution via Unrestricted File Upload in PAD CMS

Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution.This issue affects all 3 templates: www, b...

10CVSS0.00549EPSS
Exploits0References1
OSV
OSV
added 2021/10/22 12:15 p.m.6 views

CVE-2021-38449

Some API functions permit by-design writing or copying data into a given buffer. Since the client controls these parameters, an attacker could rewrite the memory in any location of the affected product...

9.8CVSS7.3AI score0.01175EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/12/08 12:0 a.m.24 views

FreeBSD : passenger -- client controlled header overwriting (84fdd1bb-9d37-11e5-8f5c-002590263bf5)

"Daniel Knoppel reports : It was discovered by the SUSE security team that it was possible, in some cases, for clients to overwrite headers set by the server, resulting in a medium level security issue. CVE-2015-7519 has been assigned to this issue. Affected use-cases : Header overwriting may occ...

4.3CVSS5.5AI score0.02364EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2006/10/31 12:0 a.m.33 views

GLSA-200610-15 : Asterisk: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200610-15 Asterisk: Multiple vulnerabilities Asterisk contains buffer overflows in channels/chanmgcp.c from the MGCP driver and in channels/chanskinny.c from the Skinny channel driver for Cisco SCCP phones. It also dangerously...

7.8CVSS6.4AI score0.84962EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2006/08/24 8:4 p.m.28 views

CVE-2006-4346

Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to 1 execute code via format string specifiers or 2 overwrite files via directory traversals involving unspecified vectors, as demonstrated by the...

7.5CVSS6.1AI score0.06349EPSS
Exploits0References1
OSV
OSV
added 2006/08/24 8:4 p.m.3 views

DEBIAN-CVE-2006-4346

Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to 1 execute code via format string specifiers or 2 overwrite files via directory traversals involving unspecified vectors, as demonstrated by the...

7.5CVSS7.2AI score0.06349EPSS
Exploits0References1
Rows per page
Query Builder