2 matches found
CVE-2026-34981
The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1 to 0.5.0, FileService.downloadfromurl in app/services/fileservice.py calls requests.geturl with zero URL validation. The file extension check occurs AFTER the HTTP request is already made, and can be bypassed by...
CVE-2024-42598
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admineditplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execut...