Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/02/04 12:12 a.m.12 views

Navidrome has XSS via comment from song metadata

Summary An XSS vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. An attacker's maliciously crafted song has to be added to Navidrome to exploit the vulnerability. Details The frontend is using React. In...

6.1CVSS5.6AI score0.00297EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/09/22 8:15 p.m.4 views

CVE-2025-57203

MagicProject AI version 9.1 is affected by a Cross-Site Scripting XSS vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream endpoint via a...

4.8CVSS6.2AI score0.00221EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/03/24 12:0 a.m.5 views

Cloudflare WARP 安全漏洞

Cloudflare WARP Cloudflare Vpn is a client application for secure connections from Cloudflare, Inc. in the United States. A security vulnerability exists in Cloudflare WARP that stems from a lack of security policy...

5.5CVSS5.8AI score0.00196EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/03/12 12:0 a.m.6 views

PT-2023-36085 · Unknown · Const-Cstr

Name of the Vulnerable Software and Affected Versions: const-cstr affected versions not specified Description: The const-cstr crate has been archived and no longer maintained, with unreachable maintainers and no security policy in place. A significant issue is that the crate violates the safety...

7AI score
Exploits0References4
Rows per page
Query Builder