33 matches found
CVE-2026-48555 Spatie Laravel Media Library < 11.23.0 SSRF via addMediaFromUrl()
Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl method in InteractsWithMedia.php...
EUVD-2026-33418
Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl method in InteractsWithMedia.php...
CVE-2026-48555
Spatie Laravel Media Library (≤11.22.x) is affected by an SSRF in addMediaFromUrl() used by InteractsWithMedia.php, allowing a remote attacker to induce the server to make arbitrary outbound HTTP requests by providing user-controlled URLs. Impact aligns with CVSS: Network, with low to moderate co...
PT-2026-44978
Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl method in InteractsWithMedia.php...
Spatie Laravel Media Library Pro 代码问题漏洞
Spatie Laravel Media Library Pro is a UI component for Laravel media libraries developed by the Belgian company Spatie. Versions of Spatie Laravel Media Library Pro prior to 11.23.0 had code vulnerabilities. These vulnerabilities stemmed from the addMediaFromUrl method in InteractsWithMedia.php,...
Directory Traversal
NiceGUI is vulnerable to Directory Traversal. The vulnerability is due to improper validation in the App.addmediafiles function, which allows an attacker to access and read arbitrary files from the server filesystem...
CVE-2025-66645
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...
CVE-2025-66645 NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...
CVE-2025-66645
CVE-2025-66645 - NiceGUI Directory Traversal : Plenty of connected sources confirm a vulnerability in NiceGUI (
EUVD-2025-201931
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...
CVE-2025-66645 NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...
Directory Traversal
Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Directory Traversal via the addmediafiles function. An attacker can read arbitrary files on the server filesystem. Details A Directory Traversal attack also known ...
GHSA-HXP3-63HC-5366 NiceGUI has a path traversal in app.add_media_files() allows arbitrary file read
Summary A directory traversal vulnerability in NiceGUI's App.addmediafiles allows a remote attacker to read arbitrary files on the server filesystem. Details Hello, I am Seungbin Yang, a university student studying cybersecurity. While reviewing the source code of the repository, I discovered a...
PT-2025-50275
Name of the Vulnerable Software and Affected Versions NiceGUI versions 3.3.1 and below Description NiceGUI, a Python-based UI framework, contains a flaw that allows a remote attacker to read arbitrary files on the server filesystem. This is due to a directory traversal issue present in the App.ad...
EUVD-2024-30335
Malicious code in bioql PyPI...
CVE-2024-25802
SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add Media function. Unlike in CVE-2024-25801, the attack payload is the file content...
CVE-2024-32533
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Peter Shaw LH Add Media From Url allows Reflected XSS.This issue affects LH Add Media From Url: from n/a through 1.22...
CVE-2024-7090
The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘lhaddmediafromurl-fileurl’ parameter in all versions up to, and including, 1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...
CVE-2024-7090 LH Add Media From Url <= 1.23 - Reflected Cross-Site Scripting
The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘lhaddmediafromurl-fileurl’ parameter in all versions up to, and including, 1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...
WordPress LH Add Media From Url Plugin <= 1.23 is vulnerable to Cross Site Scripting (XSS)
Software LH Add Media From Url Type Plugin Vulnerable versions = 1.23 Fixed in 1.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7090 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b062d0fb1671 Credits Piotr Kuśpit...