134 matches found
CVE-2026-45402
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple endpoints accept a user-supplied fileid and attach the referenced file to a resource the caller controls (folder knowledge, knowledge-base contents) without verifying that the...
Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources
The migration helper functions DownloadFile and DownloadFileWithHeaders in pkg/modules/migration/helpers.go make arbitrary HTTP GET requests without any SSRF protection. When a user triggers a Todoist or Trello migration, file attachment URLs from the third-party API response are passed directly ...
CVE-2026-1251 SupportCandy – Helpdesk & Customer Support Ticket System <= 3.4.4 - Authenticated (Subscriber+) Insecure Direct Object Reference
The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.4 via the 'addreply' function due to missing validation on a user-controlled key. This makes it possible for authenticated...
Gitea security vulnerabilities
Gitea is a lightweight Git service written in Go and developed by the Gitea community. Gitea has a security vulnerability that stems from improper verification of repository ownership when attaching files to releases. This vulnerability may allow unauthorized users to access files...
EUVD-2014-8568
Malware in sbrugna...
EUVD-2002-2207
Malware in sbrugna...
EUVD-2018-5332
Malware in sbrugna...
EUVD-2008-1011
Malware in sbrugna...
EUVD-2020-7237
Malware in sbrugna...
EUVD-2019-16755
Malware in sbrugna...
EUVD-2016-3507
Malware in sbrugna...
EUVD-2023-32155
Malicious code in bioql PyPI...
EUVD-2021-7560
Malicious code in bioql PyPI...
EUVD-2024-54389
Malicious code in bioql PyPI...
EUVD-2021-7561
Malicious code in bioql PyPI...
EUVD-2025-5890
Malicious code in bioql PyPI...
EUVD-2022-46992
Malicious code in bioql PyPI...
EUVD-2025-5904
Malicious code in bioql PyPI...
PT-2025-34365 · Liveshare · Mindmanager
Name of the Vulnerable Software and Affected Versions: MindManager versions prior to 24.1.150
Description: In MindManager for Windows, a directory traversal issue allows attackers to potentially write to unexpected directories on a victim’s machine. This occurs when a user opens file attachments...
CVE-2024-56179
In MindManager Windows versions prior to 24.1.150, attackers could potentially write to unexpected directories on victims' machines via directory traversal if victims opened file attachments located in malicious mmap files...