5 matches found
PT-2026-6437
Summary Authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the server attempts to create an extremely large resized image, causing uncontrolled memory growth...
Navidrome 安全漏洞
Navidrome is an open-source web-based music collection server and streaming service developed by Navidrome. It allows users to listen to their music collections from any browser or mobile device. Versions of Navidrome prior to 0.60.0 contained a security vulnerability that occurred when attemptin...
CVE-2025-66838
In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustio...
SUSE CVE-2024-1727
A Cross-Site Request Forgery CSRF vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an attacker can deplete...
Moderate: Red Hat Security Advisory: openstack-nova security update
Updated openstack-nova packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...