Lucene search
K

268 matches found

OSV
OSV
added 2025/02/27 2:15 p.m.3 views

DEBIAN-CVE-2025-27154

Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...

9.8CVSS6.9AI score0.00589EPSS
Exploits1References1
OSV
OSV
added 2025/02/27 2:15 p.m.9 views

UBUNTU-CVE-2025-27154

Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...

9.8CVSS5.7AI score0.00589EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/02/27 1:53 p.m.6 views

CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...

8.4CVSS6.3AI score0.00589EPSS
Exploits1References4
OSV
OSV
added 2025/02/27 1:53 p.m.8 views

CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...

8.4CVSS6.6AI score0.00589EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/02/27 12:0 a.m.14 views

Spotipy 安全漏洞

Spotipy is the spotipy-dev individual developer's lightweight Python library for the Spotify Web API. A security vulnerability exists in Spotipy versions prior to 2.25.1, which stems from the CacheHandler class creating a cache file with overly lax permissions, which could lead to the disclosure ...

9.8CVSS6.8AI score0.00589EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/12/10 12:0 a.m.2 views

Luigi 安全漏洞

Luigi is a Python package open-sourced by Spotify that helps build complex pipelines of batch jobs. A security vulnerability exists in Luigi versions prior to 3.6.0, which stems from incorrect validation of the destination file path in the extractpackagesarchive function, leaving it vulnerable to...

8.6CVSS6.6AI score0.01096EPSS
Exploits0References5
NVD
NVD
added 2024/11/26 9:15 a.m.35 views

CVE-2024-11192

The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00408EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/11/26 8:31 a.m.29 views

CVE-2024-11192 Spotify Play Button for WordPress <= 2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode

The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00408EPSS
Exploits0References5
CVE
CVE
added 2024/11/26 8:31 a.m.55 views

CVE-2024-11192

CVE-2024-11192 affects the Spotify Play Button for WordPress plugin (WordPress) up to version 2.11, where stored XSS via the spotifyplaybutton shortcode arises from insufficient input sanitization and output escaping of user-supplied attributes. Authenticated attackers with contributor+ access ca...

6.4CVSS5.8AI score0.00408EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/11/26 8:31 a.m.10 views

CVE-2024-11192 Spotify Play Button for WordPress <= 2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode

The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.7AI score0.00408EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/11/26 12:0 a.m.3 views

WordPress plugin Spotify Play Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS7.8AI score0.00408EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.5 views

PT-2024-16809 · WordPress · Spotify Play Button

Name of the Vulnerable Software and Affected Versions: Spotify Play Button for WordPress plugin versions up to and including 2.11 Description: The issue concerns Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...

6.4CVSS6.2AI score0.00408EPSS
Exploits0References7
Patchstack
Patchstack
added 2024/11/25 9:43 p.m.6 views

WordPress Sp*tify Play Button for WordPress plugin <= 2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via spotifyplaybutton Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Sptify Play Button for WordPress versions = 2.11...

6.4CVSS5.8AI score0.00408EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/10/28 9:15 p.m.6 views

CVE-2024-42011

The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat...

7.5CVSS0.00596EPSS
Exploits0References2
CVE
CVE
added 2024/10/28 12:0 a.m.36 views

CVE-2024-42011

The CVE-2024-42011 entry concerns the Spotify iOS app version 8.9.58, where a buffer overflow in the use of strcat is identified. The vulnerability affects the app’s runtime on iOS; the CVSS v3.1 metrics indicate a High impact with availability impact (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Exploi...

7.5CVSS7.5AI score0.00596EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/28 12:0 a.m.4 views

Spotify 安全漏洞

Spotify is an online music streaming platform from the Swedish company Spotify. A security vulnerability exists in Spotify version 8.9.58, which stems from the presence of a buffer overflow...

7.5CVSS7.1AI score0.00596EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/28 12:0 a.m.15 views

CVE-2024-42011

The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat...

0.00596EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/28 12:0 a.m.12 views

CVE-2024-42011

The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat...

7.2AI score0.00596EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/22 9:32 a.m.15 views

CVE-2024-10189 Anchor Episodes Index (Spotify for Podcasters) <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor_episodes Shortcode

The Anchor Episodes Index Spotify for Podcasters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchorepisodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5.9AI score0.00295EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/22 9:32 a.m.25 views

CVE-2024-10189 Anchor Episodes Index (Spotify for Podcasters) <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor_episodes Shortcode

The Anchor Episodes Index Spotify for Podcasters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchorepisodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS0.00295EPSS
Exploits0References3
Rows per page
Query Builder