6 matches found
CVE-2026-59180
A flaw was found in Apprise, an open-source library for sending notifications. HTTP-based notification plugins and HTTP attachment and configuration loaders in Apprise, prior to version 1.11.0, automatically follow HTTP redirects. During these redirects, user-configured authentication headers and...
Improper Output Neutralization for Logs
Overview morgan is a HTTP request logger middleware for node.js. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the :remote-user token, which extracts the Basic auth username from the Authorization header and writes it to the log stream without...
Improper Validation of Specified Type of Input
Overview github.com/mattermost/mattermost-plugin-calls is a package for voice calling and screen sharing functionality in Mattermost channels. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the WebSocket request handling. An attacker can cau...
Cross-site Request Forgery (CSRF)
Overview github.com/mattermost/mattermost-plugin-calls/server is a package that enables voice calling and screen sharing functionality in Mattermost channels Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the Calls widget page. An attacker can initiate cal...
Command Injection
Overview job-iteration is a package that makes your background jobs interruptible and resumable. Affected versions of this package are vulnerable to Command Injection via the CsvEnumerator class. An attacker can execute arbitrary system commands by supplying untrusted input to methods that proces...
Information Exposure Through an Error Message
Overview Affected versions of this package are vulnerable to Information Exposure Through an Error Message due to improper handling of sensitive information. An attacker can gain access to sensitive information by exploiting this vulnerability. Remediation Upgrade Azure.Identity to version 1.11.0...