10 matches found
GHSA-4G9M-RFFV-H6WQ Crabbox: authentication bypass vulnerability that allows impersonation of others by spoofing identity headers
Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers can inject malicious X-Crabbox-Owner and X-Crabbox-Org headers in requests authenticated with a...
CVE-2021-47946
OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accou...
OpenCart 跨站请求伪造漏洞
OpenCart is an open-source e-commerce system developed by the OpenCart team in China. This system provides modules for product reviews, product ratings, and product addition. Version 3.0.36 of OpenCart has a cross-site request forgeing vulnerability. This vulnerability stems from the /account/edi...
CVE-2026-0595
Removed by vendor...
PT-2026-7524
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 13.9 through 18.6.6 GitLab CE/EE versions 18.7 through 18.7.4 GitLab CE/EE versions 18.8 through 18.8.4 Description An issue exists in GitLab CE/EE where an authenticated user could potentially add unauthorized email...
EUVD-2025-27287
Malicious code in bioql PyPI...
CVE-2024-29891
ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim would need to directly open the supposed image in th...
Directus Security Vulnerabilities
Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A security vulnerability exists in Directus versions prior to 10.8.3, which stems from a vulnerability that allows an attacker to receive password reset emails from victimized users...
memos 安全漏洞
memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in versions of memos prior to 0.9.1, which stems from a vulnerability that allows an attacker to add malicious tags to a vitim account...
Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver
✍️ Description stored xss bug via link in store 🕵️♂️ Proof of Concept 1. goto https://mainnet.demo.btcpayserver.org/stores and create a store .\ 2. Now open that store using url https://mainnet.demo.btcpayserver.org/stores/BuBNcrh8vpu4sMcTikqXoP5pXU49hvoFDyqAoA46Tns2 and change website link to...