33 matches found
CVE-2026-22777
ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or...
CVE-2026-22777 ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler
ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or...
ComfyUI-Manager Injection Vulnerability
ComfyUI-Manager is an extension from the individual developers of Dr. Lt. Data designed to enhance the usability of ComfyUI. An injection vulnerability exists in ComfyUI-Manager versions prior to 3.39.2 and 4.0.5, which allows an attacker to inject special characters into HTTP query parameters in...
PT-2026-2261
Name of the Vulnerable Software and Affected Versions: ComfyUI-Manager versions prior to 3.39.2; ComfyUI-Manager versions prior to 4.0.5. Description: ComfyUI-Manager, an extension for ComfyUI, is susceptible to arbitrary configuration injection. An attacker can inject special characters into HTTP...
EUVD-2025-0126
Malicious code in bioql PyPI...
CVE-2025-58761 Tautulli vulnerable to Unauthenticated Path Traversal in `real_pms_image_proxy`
Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. The `real_pms_image_proxy` endpoint in Tautulli v2.15.3 and prior is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. The `real_pms_image_proxy` i...
SUSE CVE-2025-24337
WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini...
Credential Disclosure
github.com/writefreely/writefreely is vulnerable to Credential Disclosure. The vulnerability is due to improper configuration management. Specifically, the sensitive information in the config.ini file is not adequately protected, allowing local users to access it and discover credentials when MyS...
CVE-2025-24337
WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini...
CVE-2025-24337
WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini...
WriteFreely Security Vulnerability
WriteFreely is a Markdown-based publishing platform open-sourced by WriteFreely. A security vulnerability exists in WriteFreely version 0.15.1 and earlier, which stems from allowing a local user to discover credentials by reading config.ini...
CVE-2025-24337
WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini...
CVE-2025-24337
WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini...
PT-2025-5335
Name of the Vulnerable Software and Affected Versions: WriteFreely versions 0.15.1 and earlier Description: The issue allows local users to discover credentials by reading the config.ini file when MySQL is used. This is due to insecure default configuration access. Recommendations: For versions...
GHSA-WX24-VQRG-M6M5 VuFind Server-Side Request Forgery (SSRF) vulnerability
A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...
CVE-2024-25738
A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...
CVE-2023-38943
ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini...
Command injection
ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini...
CVE-2023-38943
ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini...
CVE-2023-38943
ShuiZe_0x727 v1.0 contains a remote command execution (RCE) vulnerability via the component /iniFile/config.ini. CVSS 3.1 metrics indicate NETWORK vector, high impact to confidentiality, integrity, and availability (8.8). No remediation details or in‑the‑wild exploitation information are provided...