4 matches found
GO-2026-5636 Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection in github.com/gotenberg/gotenberg
Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection in github.com/gotenberg/gotenberg...
CVE-2026-42589 Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...
Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore
spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter . When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store , doKey embeds the key into a backtick-delimited Cypher...
SUSE SLED15 / SLES15 Security Update : flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk (SUSE-SU-2021:1094-1)
This update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk fixes the following issues : libostree : Update to version 2020.8 Enable LTO. bsc1133120 This update contains scalability improvements and bugfixes. Caching-related HTTP headers are now supported on summaries and...