52 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in exiv2

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read vulnerability was discovered in Exiv2 versions v0.27.4 and earlier. This vulnerability occurs when Exiv2 is used to read the metadata of a specially...

5.5 CVSS | 6.5 AI score | 0.00085 EPSS
Exploits 0 | References 2
NVD
added 2026/03/26 8:16 p.m. | 3 views

CVE-2026-33528

GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to path.Join(common.ConfigBasePath, filename) where ConfigBasePath =...

6.5 CVSS | 0.00044 EPSS
Exploits 1 | References 3
OSV
added 2026/03/26 7:24 p.m. | 4 views

CVE-2026-33528 GoDoxy has a Path Traversal Vulnerability in its File API

GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to path.Join(common.ConfigBasePath, filename) where ConfigBasePath =...

6.5 CVSS | 6.3 AI score | 0.00044 EPSS
Exploits 1 | References 5
Cvelist
added 2026/03/26 7:24 p.m. | 18 views

CVE-2026-33528 GoDoxy has a Path Traversal Vulnerability in its File API

GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to path.Join(common.ConfigBasePath, filename) where ConfigBasePath =...

6.5 CVSS | 0.00044 EPSS
Exploits 1 | References 3
Vulnrichment
added 2026/03/26 7:24 p.m. | 0 views

CVE-2026-33528 GoDoxy has a Path Traversal Vulnerability in its File API

GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to path.Join(common.ConfigBasePath, filename) where ConfigBasePath =...

6.5 CVSS | 5.9 AI score | 0.00044 EPSS
Exploits 1 | References 3
ATTACKERKB
added 2026/03/26 7:24 p.m. | 0 views

CVE-2026-33528

GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to path.Join(common.ConfigBasePath, filename) where ConfigBasePath =...

6.5 CVSS | 5.8 AI score | 0.00044 EPSS
Exploits 1 | References 4 | Affected Software 1
CNNVD
added 2026/03/26 12:0 a.m. | 3 views

godoxy path traversal vulnerability

Godoxy is a lightweight reverse proxy tool developed by Yuzerion’s individual developers. Versions of Godoxy prior to 0.27.5 contained a path traversal vulnerability. This vulnerability stemmed from the file content API endpoint’s lack of protection against path traversal, potentially allowing...

6.5 CVSS | 6.5 AI score | 0.00044 EPSS
Exploits 1 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-20995

Malware in sbrugna...

5.5 CVSS | 6.2 AI score | 0.00112 EPSS
Exploits 0 | References 11
Prion
added 2024/02/20 6:15 p.m. | 16 views

Cross site request forgery (csrf)

Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security threat as you need to have access also to the...

2.8 CVSS | 7.3 AI score | 0.00105 EPSS
Exploits 0 | References 8
Snyk
added 2024/02/20 5:46 p.m. | 1 views

Server-Side Request Forgery (SSRF)

Overview: decidim-templates is a module that provides a solution to create templates for different Decidim models, such as Proposals and Questionnaires. Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) due to the authenticity token check being disabled for the...

5.7 CVSS | 6.6 AI score | 0.00105 EPSS
Exploits 0 | References 2
Vulnrichment
added 2024/02/20 4:45 p.m. | 8 views

CVE-2023-47635 Decidim vulnerable to possible CSRF attack at questionnaire templates preview

Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security threat as you need to have access also to the...

4.5 CVSS | 6.7 AI score | 0.00105 EPSS
Exploits 0 | References 8
CNNVD
added 2024/02/20 12:0 a.m. | 1 views

Decidim security breach

Decidim is a participatory democracy framework, written in Ruby on Rails. A security vulnerability exists in Decidim, decidim-admin, decidim-system, devise_invitable versions prior to 0.26.9, 0.27.5, and 0.28.0, which stems from an invitation feature that allows users to accept invitations...

7.4 CVSS | 6.8 AI score | 0.00584 EPSS
Exploits 0 | References 10
CNNVD
added 2024/02/20 12:0 a.m. | 2 views

Decidim Cross-Site Scripting Vulnerability

Decidim is a participatory democracy framework written in Ruby on Rails. A cross-site scripting vulnerability exists in Decidim versions 0.27.0 through 0.27.5 and 0.28.0, which stems from a cross-site scripting vulnerability in the dynamic file upload feature...

6.3 CVSS | 6.3 AI score | 0.00487 EPSS
Exploits 0 | References 7
SUSE CVE
added 2023/02/15 3:40 a.m. | 1 views

SUSE CVE-2021-32815

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denia...

3.1 CVSS | 9.1 AI score | 0.00117 EPSS
Exploits 0 | References 6
SUSE CVE
added 2023/02/15 3:40 a.m. | 2 views

SUSE CVE-2021-34334

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of...

6.5 CVSS | 9.1 AI score | 0.00112 EPSS
Exploits 0 | References 6
SUSE CVE
added 2023/02/15 3:39 a.m. | 1 views

SUSE CVE-2021-37618

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to print the metadata of a crafted image file. A...

3.1 CVSS | 9.1 AI score | 0.00074 EPSS
Exploits 0 | References 4
SUSE CVE
added 2023/02/15 3:39 a.m. | 2 views

SUSE CVE-2021-37619

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An...

3.1 CVSS | 8.8 AI score | 0.00074 EPSS
Exploits 0 | References 4
SUSE CVE
added 2023/02/15 3:39 a.m. | 1 views

SUSE CVE-2021-37620

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An...

3.1 CVSS | 8.8 AI score | 0.00085 EPSS
Exploits 0 | References 6
CBLMariner
added 2022/06/25 8:53 p.m. | 13 views

CVE-2021-37621 affecting package exiv2 for versions less than 0.27.5-1

CVE-2021-37621 affecting package exiv2 for versions less than 0.27.5-1. An upgraded version of the package is available that resolves this issue...

5.5 CVSS | 5.9 AI score | 0.00086 EPSS
Exploits 0
CBLMariner
added 2022/06/25 8:53 p.m. | 12 views

CVE-2021-29463 affecting package exiv2 for versions less than 0.27.5-1

CVE-2021-29463 affecting package exiv2 for versions less than 0.27.5-1. An upgraded version of the package is available that resolves this issue...

5.5 CVSS | 6.7 AI score | 0.00099 EPSS
Exploits 0