6 matches found
PT-2026-36937
A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update document/continue document/delete document/get content of the file app/routes/document.py. Performing a manipulation of the argument DOCS...
Server-side request forgery (SSRF)
Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the element method in app/routes.py does not validate the user-controlled srctype and elementurl variables and passes them to the send method which sends a GET request on lines 339-343 in request.py, which leads to a...
whoogle-search Cross-Site Scripting Vulnerability
whoogle-search is a software application. Self-hosted, ad-free, privacy-respecting meta-search engine. A cross-site scripting vulnerability exists in whoogle-search versions prior to 0.8.4, which stems from the element method in app/routes.py that does not validate user-controlled srctype and...
whoogle-search path traversal vulnerability
whoogle-search is a software application. Self-hosted, ad-free, privacy-respecting metasearch engine. A path traversal vulnerability exists in whoogle-search versions prior to 0.8.4, which stems from the config function in app/routes.py that does not validate the user-controlled name variable and...
OWASP NodeGoat Security Vulnerability
OWASP NodeGoat is a project of the OWASP Foundation in the United States. It provides an environment to learn how the OWASP Top 10 security risks apply to web applications developed using Node. OWASP NodeGoat suffers from a security vulnerability that results in a denial of service due to unknown...
Safemode Gem for Ruby is vulnerable to information disclosure
Safemode is initialised with an optional 'delegate' object. If the delegated object is a Rails controller, 'inspect' could be called, which then exposes all information about the app, including routes, secret tokens, caches and so on...