72 matches found
CVE-2025-60794
Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access...
CVE-2025-60794
CVE-2025-60794 affects couch-auth 0.21.2. The root cause is tokens and passwords stored in JavaScript objects that are not explicitly cleared in src/user.ts (lines 700–707), leaving sensitive data in memory and creating a window for extraction via memory dumps or debugging tools. This could enabl...
EUVD-2024-53538
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-26268
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document...
CVE-2018-7662
Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php...
GHSA-R385-C5FC-X56C CouchAuth has a Server-Side Template Injection vulnerability in its email functionality
A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information...
CVE-2024-57177
A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information...
CVE-2024-57177
A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information...
PT-2025-6098 · Perfood · Couch-Auth
Name of the Vulnerable Software and Affected Versions: perfood/couch-auth versions = 0.21.2 Description: A host header injection vulnerability exists in the NPM package of perfood/couch-auth. By sending a specially crafted host header in the email change confirmation request, it is possible to...
CVE-2024-57177
A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information...
CVE-2023-39655
A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions = 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thu...
Design/Logic Flaw
A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions = 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thu...
PT-2024-12818 · Npm · @Perfood/Couch-Auth
Name of the Vulnerable Software and Affected Versions: @perfood/couch-auth versions = 0.20.0 Description: A host header injection issue exists in the NPM package @perfood/couch-auth. By sending a specially crafted host header in the forgot password request, it is possible to send password reset...
CVE-2023-39655
The CVE-2023-39655 issue concerns the NPM package @perfood/couch-auth (versions
IBM Planning Analytics 授权问题漏洞
IBM Planning Analytics is a suite of business planning analytics solutions from International Business Machines IBM. The solution supports automated execution of processes such as business planning, budgeting, and analysis. A security vulnerability exists in IBM Planning Analytics Cartridge for...
backbone-couch (>=0.4.0 <=0.5.4), backbone-stash (=0.0.4) +3 more potentially affected by CVE-2016-10537 via backbone (=0.3.3)
backbone NPM version =0.3.3 is affected by a known vulnerability. The following packages have a transitive dependency on backbone and may be impacted: - backbone-couch =0.4.0, =1.1.0, =0.4.0, =0.1.0, =1.0.0 Source cves: CVE-2016-10537 Source advisory: OSV:GHSA-J6P2-CX3W-6JCP...
Webzyme Couch Path Disclosure Vulnerability
Webzyme Couch is the United States Webzyme Softwares, Inc. of a set of open source content management system CMS. A security vulnerability exists in Webzyme Couch. A remote attacker can exploit the vulnerability by sending a direct request to the includes/mysql2i/mysql2i.func.php or...
CVE-2018-7662
Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php...
CVE-2018-7662
Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php...
CVE-2018-7662
CVE-2018-7662 affects CouchCMS <= 2.0, enabling remote attackers to disclose the server’s full directory path by directly requesting includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php. This path disclosure arises from a missing/insufficient input validation in the affected end...