26 matches found
CVE-2026-22561
CVE-2026-22561 concerns Anthropic Claude for Windows installer (Claude Setup.exe). The vulnerability arises from Uncontrolled search path elements, where the installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation, enabling local privilege escalation via DLL search-ord...
CVE-2026-21868
Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...
CVE-2026-21868
CVE-2026-21868 affects Flag Forge, specifically versions 2.3.2 and earlier. The vulnerability is a Regular Expression Denial of Service (ReDoS) in the user profile API endpoint /api/user/[username], where the application builds a regex dynamically from the unescaped username input. An attacker ca...
CVE-2026-21868 Flag Forge has ReDoS Vulnerability in User Profile Lookup API
Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...
Flag Forge 安全漏洞
Flag Forge is an easy-to-use CTF platform open-sourced by FlagForge. A security vulnerability exists in Flag Forge 2.3.2 and earlier versions that stems from a regular expression denial of service issue in the user profile API endpoint...
PT-2025-38623
Name of the Vulnerable Software and Affected Versions Tandoor Recipes versions 2.0.0-alpha-1 Description Tandoor Recipes 2.0.0-alpha-1 is susceptible to privilege escalation. This issue stems from a rework of the API, specifically within the User Profile API Endpoint. The endpoint contains two...
CVE-2025-4175
A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file...
CVE-2025-4175
A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file...
CVE-2025-4175 AlanBinu007 Spring-Boot-Advanced-Projects Upload Profile API Endpoint UserProfileController.java uploadUserProfileImage path traversal
A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file...
CVE-2025-4175
CVE-2025-4175 affects AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. The vulnerability is in the function uploadUserProfileImage of the file UserProfileController.java within the Upload Profile API Endpoint. Manipulation of the File argument leads to a path traversal, enabling a remote at...
CVE-2025-4175 AlanBinu007 Spring-Boot-Advanced-Projects Upload Profile API Endpoint UserProfileController.java uploadUserProfileImage path traversal
A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file...
PT-2025-18711 · Alanbinu007 · Spring-Boot-Advanced-Projects
Name of the Vulnerable Software and Affected Versions: AlanBinu007 Spring-Boot-Advanced-Projects versions up to 3.1.3 Description: A critical vulnerability was found in AlanBinu007 Spring-Boot-Advanced-Projects, affecting the function uploadUserProfileImage of the file...
CVE-2024-50362
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The source of the vulnerability relies on...
BIT-ELASTICSEARCH-2021-22135
Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled ...
Malicious code in ent-profile-api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f9c39ae8dadaf1b8ac82e8e1f7b312d04c58cb2a208ba535221cae3bac7ae787 The OpenSSF Package Analysis project identified 'ent-profile-api-client' @ 9.3.1 npm as malicious. It is considered malicious because: - The...
MAL-2024-1026 Malicious code in ent-profile-api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f9c39ae8dadaf1b8ac82e8e1f7b312d04c58cb2a208ba535221cae3bac7ae787 The OpenSSF Package Analysis project identified 'ent-profile-api-client' @ 9.3.1 npm as malicious. It is considered malicious because: - The...
CVE-2023-37600
Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting XSS vulnerability via the id parameter at /api?path=profile...
CVE-2021-22135
Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled ...
GHSA-62WW-4P3P-7FHJ API information disclosure flaw in Elasticsearch
Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled ...
CVE-2021-22135
Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled ...