2 matches found
CVE-2026-32255 Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint
Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...
0utmailauth (=1.0.0), @1023-ventures/merope2 (>=0.2.1 <=0.2.9) +1698 more potentially affected by CVE-2024-11023 via firebase (>=0.5.4 <=10.8.1)
firebase NPM version =0.5.4, =0.2.1, =0.5.2, =0.5.2, =0.5.0, =0.4.2, =0.5.116, =3.2.4, =1.0.0, =1.0.0, =1.0.9-beta.0, =0.5.21, =0.5.21, =0.5.26-beta.0 and more Source cves: CVE-2024-11023 Source advisory: OSV:GHSA-3WF4-68GX-MPH8...