114 matches found
Bugsink security vulnerability
Bugsink is an open-source, self-hosted bug tracking software developed by Bugsink. Versions of Bugsink prior to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the source mapping and debugging file searching mechanisms, which did not limit the scope of the projects. A...
CVE-2026-26098
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...
CVE-2026-26097 Uncontrolled Search Path Element in Owl opds
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...
CVE-2026-26097
Owl opds 2.2.0.4 is affected by CVE-2026-26097, which concerns an Uncontrolled Search Path Element that can leverage/manipulate configuration file search paths via a crafted network request. The CVSS metrics indicate a HIGH impact across confidentiality, integrity, and availability, with a LOCAL ...
CVE-2025-15585
Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in privilege escalation or data exfiltration...
CVE-2025-15585
Fileflows CVE-2025-15585 affects Fileflows versions before 25.05.2. An authenticated SQL injection flaw exists in the library-file search function when using MySQL as the backend database. Successful exploitation could lead to privilege escalation or data exfiltration. No exploitation details are...
CVE-2025-69220
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agent's file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to t...
CVE-2025-23867
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in markcoker WordPress File Search wpfilesearch allows Reflected XSS. This issue affects WordPress File Search: from n/a through = 1.2...
EUVD-2025-206261
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agent's file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to t...
CVE-2025-69220
LibreChat (version 0.8.1-rc2) is vulnerable to insufficient access control for file uploads in an agent’s file context and file search. An authenticated attacker who knows an agent ID can modify the behavior of arbitrary agents by uploading files, even without permissions for that agent. The issu...
CVE-2025-69220 LibreChat has Insufficient Access Control for Agent Files
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agent's file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to t...
Modern Shop - PHP eCommerce Platform code injection vulnerability
Modern Shop - PHP eCommerce Platform is an online shopping mall website by ABHIRAM B Individual Developer. A code injection vulnerability exists in Modern Shop - PHP eCommerce Platform version 20250922, which stems from an incorrect manipulation of the parameter q in file/search and could lead to...
EUVD-2007-4417
Malware in sbrugna...
EUVD-2011-5056
Malware in sbrugna...
EUVD-2024-1340
Malicious code in bioql PyPI...
EUVD-2025-3488
Malicious code in bioql PyPI...