SUSE CVE-2025-70849
Arbitrary File Upload in podinfo through 6.9.0 allows unauthenticated attackers to upload arbitrary files via a crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored...
GHSA-MW8W-Q3F7-2V85 Podinfo affected by Arbitrary File Upload that leads to Stored Cross-Site Scripting (XSS)
Arbitrary File Upload in podinfo through 6.9.0 allows unauthenticated attackers to upload arbitrary files via a crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored...
Arbitrary File Upload
Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the store endpoint. An attacker can execute arbitrary scripts in the context of users by uploading specially crafted files that are rendered without proper content validation. Remediation: There is no fixed...
Podinfo affected by Arbitrary File Upload that leads to Stored Cross-Site Scripting (XSS)
Arbitrary File Upload in podinfo through 6.9.0 allows unauthenticated attackers to upload arbitrary files via a crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored...
CVE-2025-70849
Arbitrary File Upload in podinfo through 6.9.0 allows unauthenticated attackers to upload arbitrary files via a crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored...
CVE-2025-70849
Arbitrary File Upload in podinfo through 6.9.0 allows unauthenticated attackers to upload arbitrary files via a crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored...
Exploit for CVE-2025-70849
CVE-2025-70849-Podinf...
PT-2026-5988
Name of the Vulnerable Software and Affected Versions: podinfo versions through 6.9.0. Description: An issue exists in podinfo that allows unauthenticated attackers to upload arbitrary files through a crafted POST request to the /store endpoint. The application renders uploaded content without a...
CVE-2025-70849
Arbitrary File Upload in podinfo through 6.9.0 allows unauthenticated attackers to upload arbitrary files via a crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored...
Podinfo 6.10.0 Cross Site Scripting
Podinfo versions 6.10.0 and below suffer from a cross-site scripting vulnerability. CVE-2025-70849: Stored XSS in Podinfo. Summary: A security vulnerability (CWE-79) was identified in Podinfo, a web application for demonstrating Kubernetes microservices. The /store feature allows unauthenticated user...
CVE-2025-70849
Arbitrary File Upload in podinfo through 6.9.0 allows unauthenticated attackers to upload arbitrary files via a crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored...
EUVD-2025-206697
Arbitrary File Upload in podinfo through 6.9.0 allows unauthenticated attackers to upload arbitrary files via a crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored...
CVE-2023-27707
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank parameter in the /dede/groupstore.php endpoint...
Information Exposure
Overview: shopware/core is the core for all Shopware e-commerce products. Affected versions of this package are vulnerable to Information Exposure via the store-api endpoint. An attacker can determine if an email address is registered by observing the response from the...
Information Exposure
Overview: shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Information Exposure via the store-api endpoint. An attacker can determine if an email address is registered by observing the response from the /store-api/account/recovery-password...
pgAdmin Cross-Site Scripting Vulnerability
pgAdmin is an open source management and development platform for the open source database PostgreSQL. A cross-site scripting vulnerability exists in pgAdmin 8.5 and earlier versions; it stems from the /settings/store endpoint, which responds to a json loa...
PT-2024-20842 · Unknown · Niushop B2B2C
Name of the Vulnerable Software and Affected Versions: Niushop B2B2C V5 (affected versions not specified). Description: The issue allows attackers to run arbitrary SQL commands via the latitude and longitude parameters in the /app/api/controller/Store.php endpoint. This enables potential exploitation fo...