UBUNTU-CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
CVE-2024-38353 CodiMD - Missing Image Access Controls and Unauthorized Image Access
CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 has a missing authentication and access control vulnerability that allows an unauthenticated attacker to gain unauthorised access to image data uploaded to CodiMD. CodiMD does not require valid authentication to...
A vulnerability in the Formidable library, related to the unrestricted upload of files of a dangerous type, allows attackers to execute arbitrary code.
The vulnerability in the Formidable library is related to the unrestricted upload of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...