Lucene search
K

33 matches found

Vulnrichment
Vulnrichment
added 2026/05/29 6:30 p.m.12 views

CVE-2026-48555 Spatie Laravel Media Library < 11.23.0 SSRF via addMediaFromUrl()

Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl method in InteractsWithMedia.php...

7.4CVSS6AI score0.00248EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 6:30 p.m.20 views

EUVD-2026-33418

Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl method in InteractsWithMedia.php...

7.4CVSS6AI score0.00248EPSS
Exploits0References4
CVE
CVE
added 2026/05/29 6:30 p.m.45 views

CVE-2026-48555

Spatie Laravel Media Library (≤11.22.x) is affected by an SSRF in addMediaFromUrl() used by InteractsWithMedia.php, allowing a remote attacker to induce the server to make arbitrary outbound HTTP requests by providing user-controlled URLs. Impact aligns with CVSS: Network, with low to moderate co...

7.4CVSS6AI score0.00248EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.17 views

PT-2026-44978

Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl method in InteractsWithMedia.php...

7.4CVSS6AI score0.00248EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

Spatie Laravel Media Library Pro 代码问题漏洞

Spatie Laravel Media Library Pro is a UI component for Laravel media libraries developed by the Belgian company Spatie. Versions of Spatie Laravel Media Library Pro prior to 11.23.0 had code vulnerabilities. These vulnerabilities stemmed from the addMediaFromUrl method in InteractsWithMedia.php,...

7.4CVSS6AI score0.00248EPSS
Exploits0References4
Veracode
Veracode
added 2025/12/13 7:37 a.m.7 views

Directory Traversal

NiceGUI is vulnerable to Directory Traversal. The vulnerability is due to improper validation in the App.addmediafiles function, which allows an attacker to access and read arbitrary files from the server filesystem...

7.5CVSS5.9AI score0.00963EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/12/09 10:16 p.m.5 views

CVE-2025-66645

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...

7.5CVSS0.00963EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/09 9:41 p.m.3 views

CVE-2025-66645 NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...

7.5CVSS6.5AI score0.00963EPSS
Exploits1References2
CVE
CVE
added 2025/12/09 9:41 p.m.17 views

CVE-2025-66645

CVE-2025-66645 - NiceGUI Directory Traversal : Plenty of connected sources confirm a vulnerability in NiceGUI (

7.5CVSS6.5AI score0.00963EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/12/09 9:41 p.m.4 views

EUVD-2025-201931

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...

7.5CVSS6.3AI score0.00963EPSS
Exploits1References3
OSV
OSV
added 2025/12/09 9:41 p.m.4 views

CVE-2025-66645 NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...

7.5CVSS6.8AI score0.00963EPSS
Exploits1References4
Snyk
Snyk
added 2025/12/09 2:25 p.m.3 views

Directory Traversal

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Directory Traversal via the addmediafiles function. An attacker can read arbitrary files on the server filesystem. Details A Directory Traversal attack also known ...

8.7CVSS7.3AI score0.00963EPSS
Exploits1References2
OSV
OSV
added 2025/12/09 2:25 p.m.4 views

GHSA-HXP3-63HC-5366 NiceGUI has a path traversal in app.add_media_files() allows arbitrary file read

Summary A directory traversal vulnerability in NiceGUI's App.addmediafiles allows a remote attacker to read arbitrary files on the server filesystem. Details Hello, I am Seungbin Yang, a university student studying cybersecurity. While reviewing the source code of the repository, I discovered a...

7.5CVSS6.9AI score0.00963EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-50275

Name of the Vulnerable Software and Affected Versions NiceGUI versions 3.3.1 and below Description NiceGUI, a Python-based UI framework, contains a flaw that allows a remote attacker to read arbitrary files on the server filesystem. This is due to a directory traversal issue present in the App.ad...

7.5CVSS6.6AI score0.00963EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-30335

Malicious code in bioql PyPI...

7.1CVSS6.4AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:46 a.m.15 views

CVE-2024-25802

SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add Media function. Unlike in CVE-2024-25801, the attack payload is the file content...

9.8CVSS6.5AI score0.00562EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:55 a.m.8 views

CVE-2024-32533

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Peter Shaw LH Add Media From Url allows Reflected XSS.This issue affects LH Add Media From Url: from n/a through 1.22...

7.1CVSS5.2AI score0.00354EPSS
Exploits0References1
NVD
NVD
added 2024/08/21 6:15 a.m.31 views

CVE-2024-7090

The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘lhaddmediafromurl-fileurl’ parameter in all versions up to, and including, 1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

6.1CVSS0.00392EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/08/21 5:30 a.m.22 views

CVE-2024-7090 LH Add Media From Url <= 1.23 - Reflected Cross-Site Scripting

The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘lhaddmediafromurl-fileurl’ parameter in all versions up to, and including, 1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

6.1CVSS0.00392EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/08/21 12:0 a.m.7 views

WordPress LH Add Media From Url Plugin <= 1.23 is vulnerable to Cross Site Scripting (XSS)

Software LH Add Media From Url Type Plugin Vulnerable versions = 1.23 Fixed in 1.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7090 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b062d0fb1671 Credits Piotr Kuśpit...

6.1CVSS5.7AI score0.00392EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder