Lucene search
K

140 matches found

Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.8 views

PT-2025-44205

Name of the Vulnerable Software and Affected Versions Astro versions 5.13.4 through 5.13.9 Description Astro’s image proxy has a domain validation bypass issue. Using backslashes in the href parameter can circumvent the validation, enabling server-side requests to arbitrary URLs. This can result ...

7.2CVSS5.2AI score0.0032EPSS
Exploits1References12
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.7 views

Astro 代码问题漏洞

Astro is an Astro open source web framework for content-driven websites. A code issue vulnerability exists in Astro versions 5.13.4 through prior to 5.13.10, which stems from the use of a backslash in the href parameter to bypass image proxy domain validation, potentially leading to server-side...

7.2CVSS6.2AI score0.0032EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-18129

Malware in sbrugna...

8.1CVSS8.1AI score0.00724EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-3544

Malware in sbrugna...

5CVSS6.1AI score0.02354EPSS
Exploits1References16
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-27471

Malicious code in bioql PyPI...

8.6CVSS6.4AI score0.00633EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-45577

Malicious code in bioql PyPI...

9.1CVSS9AI score0.00717EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2022-1715

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00882EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-53001

Malicious code in bioql PyPI...

8.6CVSS6.5AI score0.00591EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2025-27467

Malicious code in bioql PyPI...

9.1CVSS6.4AI score0.00765EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/09/11 8:27 p.m.9 views

CVE-2025-58762

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary python scripts into the application filesystem. This leads to remote code execution when...

9.1CVSS7.8AI score0.00765EPSS
Exploits1References1
NVD
NVD
added 2025/09/09 8:15 p.m.10 views

CVE-2025-58762

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary python scripts into the application filesystem. This leads to remote code execution when...

9.1CVSS0.00765EPSS
Exploits1References2
CVE
CVE
added 2025/09/09 8:8 p.m.22 views

CVE-2025-58762

CVE-2025-58762 affects Tautulli

9.1CVSS7.4AI score0.00765EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/09/09 8:8 p.m.5 views

CVE-2025-58762 Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary python scripts into the application filesystem. This leads to remote code execution when...

9.1CVSS7.6AI score0.00765EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/09/09 8:8 p.m.4 views

CVE-2025-58762 Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary python scripts into the application filesystem. This leads to remote code execution when...

9.1CVSS7.5AI score0.00765EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/09/09 8:8 p.m.23 views

CVE-2025-58762 Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary python scripts into the application filesystem. This leads to remote code execution when...

9.1CVSS0.00765EPSS
Exploits1References2
OSV
OSV
added 2025/09/09 7:59 p.m.6 views

CVE-2025-58761 Tautulli vulnerable to Unauthenticated Path Traversal in `real_pms_image_proxy`

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The realpmsimageproxy endpoint in Tautulli v2.15.3 and prior is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. The realpmsimageproxy i...

8.6CVSS6.9AI score0.00633EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.9 views

Tautulli 安全漏洞

Tautulli is an application used to monitor the Plex Media Server media server. A security vulnerability exists in Tautulli 2.15.3 and earlier versions, which stems from a file write issue in the pmsimageproxy endpoint that could lead to remote code execution...

9.1CVSS7.6AI score0.00765EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/09/02 12:2 a.m.3 views

CVE-2025-9805 SimStudioAI sim route.ts server-side request forgery

A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit...

6.5CVSS6AI score0.00261EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/23 2:25 a.m.5 views

CVE-2023-27592

Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...

5.4CVSS7.2AI score0.00586EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:16 p.m.8 views

CVE-2022-1337

The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files...

6.5CVSS6.6AI score0.00882EPSS
Exploits0References1
Rows per page
Query Builder