140 matches found
PT-2025-44205
Name of the Vulnerable Software and Affected Versions Astro versions 5.13.4 through 5.13.9 Description Astro’s image proxy has a domain validation bypass issue. Using backslashes in the href parameter can circumvent the validation, enabling server-side requests to arbitrary URLs. This can result ...
Astro 代码问题漏洞
Astro is an Astro open source web framework for content-driven websites. A code issue vulnerability exists in Astro versions 5.13.4 through prior to 5.13.10, which stems from the use of a backslash in the href parameter to bypass image proxy domain validation, potentially leading to server-side...
EUVD-2021-18129
Malware in sbrugna...
EUVD-2006-3544
Malware in sbrugna...
EUVD-2025-27471
Malicious code in bioql PyPI...
EUVD-2023-45577
Malicious code in bioql PyPI...
EUVD-2022-1715
Malicious code in bioql PyPI...
EUVD-2024-53001
Malicious code in bioql PyPI...
EUVD-2025-27467
Malicious code in bioql PyPI...
CVE-2025-58762
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary python scripts into the application filesystem. This leads to remote code execution when...
CVE-2025-58762
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary python scripts into the application filesystem. This leads to remote code execution when...
CVE-2025-58762
CVE-2025-58762 affects Tautulli
CVE-2025-58762 Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary python scripts into the application filesystem. This leads to remote code execution when...
CVE-2025-58762 Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary python scripts into the application filesystem. This leads to remote code execution when...
CVE-2025-58762 Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary python scripts into the application filesystem. This leads to remote code execution when...
CVE-2025-58761 Tautulli vulnerable to Unauthenticated Path Traversal in `real_pms_image_proxy`
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The realpmsimageproxy endpoint in Tautulli v2.15.3 and prior is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. The realpmsimageproxy i...
Tautulli 安全漏洞
Tautulli is an application used to monitor the Plex Media Server media server. A security vulnerability exists in Tautulli 2.15.3 and earlier versions, which stems from a file write issue in the pmsimageproxy endpoint that could lead to remote code execution...
CVE-2025-9805 SimStudioAI sim route.ts server-side request forgery
A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit...
CVE-2023-27592
Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...
CVE-2022-1337
The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files...