37 matches found
GHSA-W2Q5-6Q6X-X959 vulnerabilities
Vulnerabilities for packages: nrdot-collector-k8s, cloud-sql-proxy, cloudbeat, databricks-cli, grafana, prometheus-blackbox-exporter-fips, kubernetes-dashboard-api-fips...
GHSA-H3RR-9WQJ-V3C6 AstrBot has Incomplete Filtering of Special Elements
A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...
EUVD-2026-25660
A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...
CVE-2026-6984
AstrBotDevs AstrBot up to version 4.22.1 contains a vulnerability in the Dashboard API, specifically in the create_template function (astrbot/dashboard/routes/t2i.py). The issue is improper neutralization of special elements used in the template engine, enabling remote execution. Public exploit i...
CVE-2026-40089
Sonicverse is a self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability in its API client apps/dashboard/lib/api.ts. Installations created using the provided install.sh script includi...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: goreleaser, grafana-agent-operator, kserve-rest-proxy, kubernetes-csi-driver-hostpath, knative-client, newrelic-infrastructure-agent, mc, rclone, helm-mapkubeapis, hubble-ui, tailscale, vault-benchmark, golangci-lint, k8ssandra-client, kubescape, spqr, gitaly,...
CVE-2026-32289 vulnerabilities
Vulnerabilities for packages: goreleaser, grafana-agent-operator, kserve-rest-proxy, kubernetes-csi-driver-hostpath, knative-client, newrelic-infrastructure-agent, mc, rclone, helm-mapkubeapis, hubble-ui, tailscale, vault-benchmark, golangci-lint, k8ssandra-client, kubescape, spqr, gitaly,...
CVE-2026-40089 Sonicverse has Server-Side Request Forgery via user-controlled URLs in dashboard API client
Sonicverse is a self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability in its API client apps/dashboard/lib/api.ts. Installations created using the provided install.sh script includi...
PT-2026-31718
Name of the Vulnerable Software and Affected Versions: Sonicverse versions prior to commit cb1ddbacafcb441549fe87d3eeabdb6a085325e4. Description: The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability in its API client apps/dashboard/lib/api.ts...
EUVD-2026-19517
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.0, a Server-Side Request Forgery (SSRF) protection bypass has been identified and fixed in Directus. The IP address validation mechanism used to block requests to local and private networks could be...
Unspecified Vulnerability in StudioCMS (CNVD-2026-18154)
StudioCMS is an open source content management system. A denial of service vulnerability exists in StudioCMS. The vulnerability stems from insufficient validation in the DELETE /studiocms_api/dashboard/api-tokens endpoint, which can be exploited by an attacker to cause a denial of service...
Unspecified Vulnerability in StudioCMS (CNVD-2026-18153)
StudioCMS is an open source content management system. StudioCMS has an authorization vulnerability that originates from improper authorization of the /studiocms_api/dashboard/api-tokens endpoint, which can be exploited by an attacker to cause elevation of privilege...
GHSA-WJ56-G96R-673Q StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts
Summary: The REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at or above your own rank. This inconsistency allows an admin to create additional admin accounts...
CVE-2026-30945
CVE-2026-30945: StudioCMS prior to 0.4.0 exposes an authorization flaw in DELETE /studiocms_api/dashboard/api-tokens. Any authenticated user with editor privileges or above can revoke API tokens for any user (including admin/owner) because tokenID and userID are taken directly from the request w...
CVE-2026-30233
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with the view: false permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution (exec) may be...
CVE-2025-61728 vulnerabilities
Vulnerabilities for packages: newrelic-fluent-bit-output, syncthing, dask-gateway, headlamp-fips, kubernetes-dns-node-cache-fips, telegraf, consul-fips, agentbeat, runc, aws-flb-cloudwatch-fips, k8sgateway, mattermost, zitadel, cerbos-fips, beats, aws-flb-kinesis-fips,...
CVE-2025-61729 vulnerabilities
Vulnerabilities for packages: goreleaser, kubernetes-csi-driver-hostpath, newrelic-infrastructure-agent, mods, aws-flb-cloudwatch, cert-manager-webhook-pdns, ipfs-cluster, kapp, rancher, tfsec, task, steampipe, nri-elasticsearch, kserve, hello-world-golang, nerdctl, kine, guac, pdfcpu,...
EUVD-2018-6603
Malware in sbrugna...
EUVD-2018-6602
Malware in sbrugna...
EUVD-2022-27103
Malicious code in bioql PyPI...