4 matches found
Navidrome has XSS via comment from song metadata
Summary An XSS vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. An attacker's maliciously crafted song has to be added to Navidrome to exploit the vulnerability. Details The frontend is using React. In...
CVE-2025-57203
MagicProject AI version 9.1 is affected by a Cross-Site Scripting XSS vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream endpoint via a...
Cloudflare WARP 安全漏洞
Cloudflare WARP Cloudflare Vpn is a client application for secure connections from Cloudflare, Inc. in the United States. A security vulnerability exists in Cloudflare WARP that stems from a lack of security policy...
PT-2023-36085 · Unknown · Const-Cstr
Name of the Vulnerable Software and Affected Versions: const-cstr affected versions not specified Description: The const-cstr crate has been archived and no longer maintained, with unreachable maintainers and no security policy in place. A significant issue is that the crate violates the safety...