PT-2025-44044

Name of the Vulnerable Software and Affected Versions InventoryGui versions 1.6.3-SNAPSHOT and earlier Description InventoryGui, a library for creating chest GUIs for Bukkit/Spigot plugins, contains an issue where GUIs utilizing GuiStorageElement may allow item duplication when the experimental...

PT-2025-38752

Name of the Vulnerable Software and Affected Versions Authlib versions prior to 1.6.4 Description Authlib’s JWS verification improperly handles tokens declaring unknown critical header parameters crit, violating RFC 7515 specifications. An attacker can create a signed token with a critical header...

PT-2023-18531 · Kubepi · Kubepi

Name of the Vulnerable Software and Affected Versions: KubePi versions 1.6.3 and below Description: A session fixation attack allows an attacker to hijack a legitimate user session. This issue is related to a flaw in how the online application handles the session ID, particularly in susceptible w...

PT-2023-18530 · Kubepi · Kubepi

Name of the Vulnerable Software and Affected Versions: KubePi versions prior to 1.6.4 Description: The issue allows unauthorized access to system API interfaces, potentially leaking sensitive information. This is due to a flaw in how online applications handle routing permissions. There are no...