OPENSUSE-SU-2026:20578-1 Security update for python-Django

This update for python-Django fixes the following issues: Changes in python-Django: - CVE-2026-3902: ASGI header spoofing via underscore/hyphen conflation bsc1261729 - CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin bsc1261731 - CVE-2026-4292: Privilege abuse in ModelAdmin.listeditable...

CVE-2026-35180 WWBN AVideo affected by CSRF on Site Customization Endpoint Enables Logo Overwrite via Base64 File Write

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

CVE-2024-42640

angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...

Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)

Exploit Title: Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution RCE Date: 10 October 2024 Discovered by : Ravindu Wickramasinghe | rvz @rvizx9 Exploit Author: Ravindu Wickramasinghe | rvz @rvizx9 Vendor Homepage: https://www.npmjs.com/package/angular-base64-upload...

📄 Angular-Base64-Upload Library Remote Code Execution

Angular-Base64-Upload library unauthenticated remote code execution proof of concept exploit that affects versions prior to 0.1.21. !/bin/python3 Exploit Title: Unauthenticated RCE via Angular-Base64-Upload Library Date: 10 October 2024 Discovered by : Ravindu Wickramasinghe | rvz @rvizx9 Exploit...

Exploit for CVE-2024-42640

CVE-2024-42640 Unauthenticated Remote Code Execution via Angul...

Remote Code Execution (RCE)

angular-base64-upload is vulnerable to Remote Code Execution RCE. The vulnerability is due to a lack of proper access controls in demo/server.php, allowing attackers to upload arbitrary content, which can then be executed from demo/uploads...

VulnCheck KEV: CVE-2024-42640

angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...

GHSA-VGXQ-6RCF-QWRW angular-base64-upload vulnerable to unauthenticated remote code execution

angular-base64-upload versions prior to v0.1.21 are vulnerable to unauthenticated remote code execution via the angular-base64-upload/demo/server.php endpoint. Exploitation of this vulnerability involves uploading arbitrary file content to the server, which can subsequently accessed through the...

angular-base64-upload vulnerable to unauthenticated remote code execution

angular-base64-upload versions prior to v0.1.21 are vulnerable to unauthenticated remote code execution via the angular-base64-upload/demo/server.php endpoint. Exploitation of this vulnerability involves uploading arbitrary file content to the server, which can subsequently accessed through the...

CVE-2024-42640

angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...

angular-base64-upload 安全漏洞

angular-base64-upload is a library by the individual developers of Adones Pitogo. A security vulnerability exists in angular-base64-upload prior to version 0.1.21, which stems from vulnerability to an unauthenticated remote code execution attack via demo/server.php...

CVE-2024-42640

CVE-2024-42640 affects the Angular-base64-upload library prior to v0.1.21. The root cause is unauthenticated remote code execution via the demo/server.php endpoint, allowing an attacker to upload arbitrary content that can be accessed at demo/uploads and executed on the server. Affected packages ...

PT-2024-6803 · Unknown · Angular-Base64-Upload

Name of the Vulnerable Software and Affected Versions: angular-base64-upload versions prior to v0.1.21 Description: The issue is related to the angular-base64-upload library, which has a vulnerability that allows an attacker to execute arbitrary code on the server by uploading a specially crafted...

Exploit for CVE-2024-42640

CVE-2024-42640 CVE-2024-42640 Unauthenticated Re...