7 matches found
CVE-2026-30870
CVE-2026-30870 affects PowerSync Service (server-side of the PowerSync sync engine). In version 1.20.0, using new sync streams with config.edition: 3, certain subquery filters could be ignored when deciding which data to sync to users, potentially allowing authenticated users to receive data that...
GHSA-9JXW-CFRH-JXQ6 Cachet vulnerable to new line injection during configuration edition
Impact: Authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. Patches: This issue was addressed by improving UpdateConfigCommandHandler and preventi...
Cachet vulnerable to new line injection during configuration edition
Impact: Authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. Patches: This issue was addressed by improving UpdateConfigCommandHandler and preventi...
CVE-2021-39172
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addresse...
Design/Logic Flaw
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addresse...
CVE-2021-39172 New line injection during configuration edition
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addresse...
CVE-2021-39172
Cachet (open source status page system) prior to version 2.5.1 is vulnerable to a new line injection in the configuration edition feature (e.g., mail settings) that allows authenticated users, regardless of privilege, to achieve arbitrary code execution on the server. Root cause: insertion of new...