CVE-2025-65112
PubNet is a self-hosted Dart/Flutter package service. CVE-2025-65112 concerns the /api/storage/upload endpoint, which prior to version 1.1.3 allowed unauthenticated users to upload packages using arbitrary author-id values, enabling identity spoofing and privilege escalation. Public advisories fr...