
6 matches found

Nuclei
added 5 hours ago, 17 views

CodiMD <2.5.4 - Insecure Filename Randomization

CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an...

CVSS 5.3, AI score 5.8, EPSS 0.01158
Exploits: 1, References: 3
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-12480

Malicious code in bioql PyPI...

CVSS 4.9, AI score 6.5, EPSS 0.00212
Exploits: 1, References: 3
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-12479

Malicious code in bioql PyPI...

CVSS 4.9, AI score 6.5, EPSS 0.00202
Exploits: 0, References: 3
OSV
added 2025/04/26 9:15 p.m., 7 views

CVE-2025-46655

CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted...

CVSS 4.9, AI score 5.9
Exploits: 0, References: 2
NVD
added 2025/04/26 9:15 p.m., 22 views

CVE-2025-46655

CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted...

CVSS 4.9, EPSS 0.00202
Exploits: 0, References: 2
Cvelist
added 2025/04/26 12:00 a.m., 11 views

CVE-2025-46654

CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file...

CVSS 4.9, EPSS 0.00212
Exploits: 1, References: 2