51 matches found
CVE-2026-45083
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to th...
CVE-2026-45083
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to th...
CVE-2026-45083
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to th...
EUVD-2026-32668
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to th...
CVE-2026-45083
Goobi viewer (4.8.0–26.04.0/1) exposed a vulnerable REST endpoint POST /api/v1/index/stream that accepted arbitrary Solr streaming expressions from unauthenticated clients and forwarded them to the backend Solr server without restriction. This allowed reading the complete Solr index and, in defau...
CVE-2026-45083 Goobi viewer: Unauthenticated Solr Streaming Expression Proxy
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to th...
CVE-2026-45083 Goobi viewer: Unauthenticated Solr Streaming Expression Proxy
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to th...
Goobi viewer - Core 访问控制错误漏洞
Goobi Viewer - Core is a digital data display and browsing web application framework developed by intranda GmbH. In versions 4.8.0 to 26.04.1 of Goobi Viewer - Core, there was an access control vulnerability. This vulnerability stemmed from REST endpoints accepting arbitrary Solr stream expressio...
GHSA-2RGP-F66F-4499 Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy
Summary The Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to the backend Solr server without restriction. An attacker could read the complete Solr index and, in default Solr deployments,...
Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy
Summary The Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to the backend Solr server without restriction. An attacker could read the complete Solr index and, in default Solr deployments,...
PT-2026-40722
Name of the Vulnerable Software and Affected Versions Goobi viewer versions 4.8.0 through 26.04.0 Description The REST endpoint "POST /api/v1/index/stream" accepts arbitrary Solr streaming expressions from unauthenticated network clients and forwards them to the backend Solr server without...
CVE-2023-29016
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when using nicknames. An attacker could create a user account and enter malicious scripts int...
EUVD-2020-7226
Malware in sbrugna...
EUVD-2023-1210
Malicious code in bioql PyPI...
EUVD-2023-1232
Malicious code in bioql PyPI...
EUVD-2023-1163
Malicious code in bioql PyPI...
CVE-2023-29015
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting ...
CVE-2023-29014
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A reflected cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could trick a user into following ...
CVE-2020-15124
In Goobi Viewer Core before version 4.8.3, a path traversal vulnerability allows for remote attackers to access files on the server via the application. This is limited to files accessible to the application server user, eg. tomcat, but can potentially lead to the disclosure of sensitive...
GHSA-7V7G-9VX6-VCG2 Goobi viewer Core Reflected Cross-Site Scripting Vulnerability Using LOGID Parameter
Impact A reflected cross-site scripting vulnerability has been identified in Goobi viewer core when evaluating the LOGID parameter. An attacker could trick a user into following a specially crafted link to a Goobi viewer installation, resulting in the execution of malicious script code in the...