30 matches found
CVE-2025-65113
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - 164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content (users, videos, photos, collections) on the platform. This can lead to mass flagging attacks,...
CVE-2025-65113
ClipBucket v5 contains an authorization bypass in the AJAX flagging system that allows any unauthenticated user to flag content (users, videos, photos, collections). Affected versions are prior to 5.5.2; this issue can enable mass flagging and moderation abuse. The vulnerability has been patched ...
CVE-2025-65113 ClipBucket v5 Unauthenticated Object Flagging Vulnerability
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - 164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content (users, videos, photos, collections) on the platform. This can lead to mass flagging attacks,...
EUVD-2025-199885
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - 164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content (users, videos, photos, collections) on the platform. This can lead to mass flagging attacks,...
PT-2025-48351
Name of the Vulnerable Software and Affected Versions: ClipBucket versions prior to 5.5.2. Description: ClipBucket is an open source video sharing platform. A flaw exists in the AJAX flagging system that permits unauthenticated users to flag content, including users, videos, photos, and collections...
EUVD-2021-20029
Malware in sbrugna...
EUVD-2022-38827
Malicious code in bioql PyPI...
PYSEC-2025-119
Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy a...
CVE-2025-48889 Gradio Allows Unauthorized File Copy via Path Manipulation
Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy a...
CVE-2021-33320
The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the site administrator with...
CVE-2025-21866
In the Linux kernel, PowerPC text patching infrastructure allocated a virtual area and marked it VM_ALLOC, which is inappropriate since that memory is not vmalloc’d and isn’t initialized until __vmalloc_node_range() is called. This caused KASAN: vmalloc-out-of-bounds when booting...
CVE-2022-36065
GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the righ...
CVE-2022-36065
GrowthBook (self-hosted) prior to 2022-08-29 is affected by an account creation and arbitrary file-upload vulnerability that can lead to remote code execution if a Python script is uploaded to an arbitrary directory inside the container. Exploitation requires all of: self-hosted deployment (Growt...
CVE-2022-36065 GrowthBook account creation and file upload vulnerability in self-hosted configurations
GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the righ...
GHSA-WG4X-HF94-FJ5V Liferay Portal and Liferay DXP vulnerable to email spam via lack of flagging rate
The Flags module before version 5.0.11 in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the site...
Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
Impact: The gradio library has a flagging functionality which saves input/output data into a CSV file on the developer's computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these...
GHSA-F8XQ-Q7PX-WG8C Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
Impact: The gradio library has a flagging functionality which saves input/output data into a CSV file on the developer's computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these...