39 matches found
EUVD-2025-25710
Malicious code in bioql PyPI...
EUVD-2025-21541
Malicious code in bioql PyPI...
EUVD-2025-29761
Malicious code in bioql PyPI...
CVE-2025-59416
The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2...
CVE-2025-59416
The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2...
CVE-2025-59416 The Scratch Channel forks can publish articles
The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2...
CVE-2025-59416 The Scratch Channel forks can publish articles
The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2...
CVE-2025-59416
CVE-2025-59416 affects The Scratch Channel web application. The vulnerability arises from the API’s POST handling, which can be abused by a user with fork privileges to alter administrators and publish articles without proper permission checks. This could allow arbitrary article creation and admi...
CVE-2025-59416 The Scratch Channel forks can publish articles
The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2...
The Scratch Channel security vulnerability
The Scratch Channel is the project site of the open-source The Scratch Channel project. A security vulnerability exists in versions of The Scratch Channel prior to 1.2; it stems from the API's failure to validate user permissions when using a POST request, which could lead to arbitrary article creation and...
PT-2025-38255
Name of the Vulnerable Software and Affected Versions: The Scratch Channel versions prior to 1.2 Description: The Scratch Channel is a news website where a user with fork privileges can modify administrators and create articles via a POST request to the API. Recommendations: Update to version 1.2...
CVE-2025-57805
The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2...
CVE-2025-57805 The Scratch Channel's Publish Articles POST Request Can Upload Articles Without Validation
The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2...
CVE-2025-57805
CVE-2025-57805 affects The Scratch Channel web platform. In versions 1 and 1.1, a POST to the article-publishing endpoint allows posting articles in any category with any date, regardless of login status, indicating an authorization bypass in the publish workflow. The issue has been patched in ve...
CVE-2025-57805 The Scratch Channel's Publish Articles POST Request Can Upload Articles Without Validation
The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2...
CVE-2025-57805 The Scratch Channel's Publish Articles POST Request Can Upload Articles Without Validation
The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2...
CVE-2025-55301
The Scratch Channel is a news website. In version 1, it is possible to go to Application in DevTools and click Local Storage to edit the account's username locally. This issue has been patched in version 1.1...
CVE-2025-55301 The Scratch Channel Allows Username Modification
The Scratch Channel is a news website. In version 1, it is possible to go to Application in DevTools and click Local Storage to edit the account's username locally. This issue has been patched in version 1.1...
CVE-2025-55301 The Scratch Channel Allows Username Modification
The Scratch Channel is a news website. In version 1, it is possible to go to Application in DevTools and click Local Storage to edit the account's username locally. This issue has been patched in version 1.1...
CVE-2025-55301
The Scratch Channel CVE-2025-55301 affects version 1 of The Scratch Channel (the news site) where localStorage can be manipulated via the browser DevTools to edit the account username locally. This is a client-side storage integrity issue occurring in version 1; it was addressed in version 1.1. T...