268 matches found
DEBIAN-CVE-2025-27154
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
UBUNTU-CVE-2025-27154
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
Spotipy 安全漏洞
Spotipy is the spotipy-dev individual developer's lightweight Python library for the Spotify Web API. A security vulnerability exists in Spotipy versions prior to 2.25.1, which stems from the CacheHandler class creating a cache file with overly lax permissions, which could lead to the disclosure ...
Luigi 安全漏洞
Luigi is a Python package open-sourced by Spotify that helps build complex pipelines of batch jobs. A security vulnerability exists in Luigi versions prior to 3.6.0, which stems from incorrect validation of the destination file path in the extractpackagesarchive function, leaving it vulnerable to...
CVE-2024-11192
The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-11192 Spotify Play Button for WordPress <= 2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode
The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-11192
CVE-2024-11192 affects the Spotify Play Button for WordPress plugin (WordPress) up to version 2.11, where stored XSS via the spotifyplaybutton shortcode arises from insufficient input sanitization and output escaping of user-supplied attributes. Authenticated attackers with contributor+ access ca...
CVE-2024-11192 Spotify Play Button for WordPress <= 2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode
The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress plugin Spotify Play Button 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-16809 · WordPress · Spotify Play Button
Name of the Vulnerable Software and Affected Versions: Spotify Play Button for WordPress plugin versions up to and including 2.11 Description: The issue concerns Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...
WordPress Sp*tify Play Button for WordPress plugin <= 2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via spotifyplaybutton Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Sptify Play Button for WordPress versions = 2.11...
CVE-2024-42011
The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat...
CVE-2024-42011
The CVE-2024-42011 entry concerns the Spotify iOS app version 8.9.58, where a buffer overflow in the use of strcat is identified. The vulnerability affects the app’s runtime on iOS; the CVSS v3.1 metrics indicate a High impact with availability impact (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Exploi...
Spotify 安全漏洞
Spotify is an online music streaming platform from the Swedish company Spotify. A security vulnerability exists in Spotify version 8.9.58, which stems from the presence of a buffer overflow...
CVE-2024-42011
The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat...
CVE-2024-42011
The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat...
CVE-2024-10189 Anchor Episodes Index (Spotify for Podcasters) <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor_episodes Shortcode
The Anchor Episodes Index Spotify for Podcasters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchorepisodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-10189 Anchor Episodes Index (Spotify for Podcasters) <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor_episodes Shortcode
The Anchor Episodes Index Spotify for Podcasters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchorepisodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This...