CVE-2025-66311

This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This...

PsiTransfer: Violation of the integrity of file distribution

Summary The absence of restrictions on the endpoint, which allows you to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. Details Vulnerable endpoint: POST /files PoC 1. Create a file distribution. 2. Go to the link address ...

PT-2024-24087

Name of the Vulnerable Software and Affected Versions PsiTransfer versions prior to 2.2.0 Description The issue arises from the absence of restrictions on the "POST /files" endpoint, which allows users to create a path for uploading a file in a file distribution. This enables an attacker to add...

Freeware Advanced Audio mp4ff_read_mdhd Denial of Service Vulnerability

Freeware Advanced Audio Decoder is advanced audio encoder. Freeware Advanced Audio Decoder 2 FAAD2 version 2.7, a security vulnerability in the common/mp4ff/mp4atom.c/mp4ffreadmdhd function could allow a remote attacker to cause a denial of service vulnerability via a constructed mp4 file...