1336 matches found
linkding 安全漏洞
linkding is a bookmark manager that can be self-hosted by the individual developer Sascha Ißbrücker. A security vulnerability exists in linkding that stems from the file upload feature in the bookmarks and asset rendering pipeline that allows the upload of malicious SVG files containing JavaScrip...
EUVD-2025-204004
A vulnerability in the file upload at bookmark + asset rendering pipeline allows an attacker to upload a malicious SVG file with JavaScript content. When an authenticated admin user views the SVG file with embedded JavaScript code of shared bookmark, JavaScript executes in the admin’s browser,...
CVE-2025-14202 Cross-Site Request Forgery (CSRF) Leading to Account Takeover via SVG File Upload
A vulnerability in the file upload at bookmark + asset rendering pipeline allows an attacker to upload a malicious SVG file with JavaScript content. When an authenticated admin user views the SVG file with embedded JavaScript code of shared bookmark, JavaScript executes in the admin’s browser,...
📄 phpIPAM 1.5.1 SQL Injection
phpIPAM version 1.5.1 suffers from a remote SQL injection vulnerability. Exploit Title: phpIPAM 1.5.1 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam/ Software Link: https://github.com/phpipam/phpipam/ Version: 1.5.1 Tested on: Windo...
phpIPAM 1.5.1 - SQL Injection
Exploit Title: phpIPAM 1.5.1 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam/ Software Link: https://github.com/phpipam/phpipam/ Version: 1.5.1 Tested on: Windows CVE : CVE-2023-1211 Proof Of Concept POST...
CVE-2025-11990
GitLab CVE-2025-11990 affects GitLab EE with affected versions 18.4 before 18.4.4 and 18.5 before 18.5.2. The issue arises from improper input validation in repository references combined with redirect handling weaknesses, enabling an authenticated user to obtain CSRF tokens. Remediation per conn...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab EE versions 18.4 before 18.4.4 and...
CVE-2025-34133
Wimi Teamwork versions prior to 7.38.17 contains a cross-site request forgery CSRF vulnerability in its API. The API accepts any authenticated request that contains a JSON field named 'csrftoken' without validating the field’s value; only the presence of the field is checked. An attacker can craf...
PT-2025-41330
Name of the Vulnerable Software and Affected Versions WP Go Maps plugin for WordPress versions prior to 9.0.46 Description The WP Go Maps plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF. The plugin exposes state-changing REST actions through an AJAX bridge without appropria...
EUVD-2016-6744
Malware in sbrugna...
EUVD-2013-3451
Malware in sbrugna...
EUVD-2018-8652
Malware in sbrugna...
EUVD-2018-0170
Malware in sbrugna...
EUVD-2020-18663
Malware in sbrugna...
EUVD-2018-20516
Malware in sbrugna...
EUVD-2020-17833
Malware in sbrugna...
EUVD-2021-22133
Malware in sbrugna...
EUVD-2017-14274
Malware in sbrugna...
EUVD-2019-6501
Malware in sbrugna...
EUVD-2020-7761
Malware in sbrugna...