18 matches found
UBUNTU-CVE-2026-36499
A missing upper-bound check in the udpifsetthreads function of Ope...
EUVD-2024-1609
Malicious code in bioql PyPI...
OSV-2025-766 Heap-buffer-overflow in Open
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=446027676 Crash type: Heap-buffer-overflow READ 4 Crash state: Open demuxProbe vlcmoduleload...
CVE-2024-25738
A Server-Side Request Forgery SSRF vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...
CVE-2024-25737
A Server-Side Request Forgery SSRF vulnerability in the /Cover/Show route showAction in CoverController.php in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting XSS attacks by proxying arbitrary URL...
VuFind Server-Side Request Forgery (SSRF) vulnerability
A Server-Side Request Forgery SSRF vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...
GHSA-WX24-VQRG-M6M5 VuFind Server-Side Request Forgery (SSRF) vulnerability
A Server-Side Request Forgery SSRF vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...
VuFind Server-Side Request Forgery (SSRF) vulnerability
A Server-Side Request Forgery SSRF vulnerability in the /Cover/Show route showAction in CoverController.php in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting XSS attacks by proxying arbitrary URL...
CVE-2024-25737
A Server-Side Request Forgery SSRF vulnerability in the /Cover/Show route showAction in CoverController.php in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting XSS attacks by proxying arbitrary URL...
CVE-2024-25738
A Server-Side Request Forgery SSRF vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...
CVE-2024-25737
A Server-Side Request Forgery SSRF vulnerability in the /Cover/Show route showAction in CoverController.php in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting XSS attacks by proxying arbitrary URL...
CVE-2024-25737
VuFind 2.4–9.1 (pre-9.1.1) is affected by a Server-Side Request Forgery (SSRF) in the /Cover/Show route (ShowAction in CoverController.php). The vulnerability allows an attacker to proxy arbitrary URLs via the proxy GET parameter, enabling access to internal HTTP services and potentially enabling...
CVE-2024-25737
A Server-Side Request Forgery SSRF vulnerability in the /Cover/Show route showAction in CoverController.php in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting XSS attacks by proxying arbitrary URL...
CVE-2024-25738
A Server-Side Request Forgery SSRF vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...
Open Library Foundation VuFind 安全漏洞
Open Library Foundation VuFind is an open source library resource discovery Discovery system from the Open Library Foundation. A security vulnerability exists in Open Library Foundation VuFind versions 2.4 through prior to 9.1.1, which stems from the presence of a server-side request forgery SSRF...
PT-2024-21119 · Open Library Foundation · Vufind
Name of the Vulnerable Software and Affected Versions: Open Library Foundation VuFind versions 2.4 through 9.1 before 9.1.1 Description: A Server-Side Request Forgery SSRF vulnerability in the "/Cover/Show" route, specifically in the showAction function of CoverController.php, allows remote...
CVE-2022-23081
In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS...
CVE-2021-44014
A vulnerability has been identified in JT Open All versions V11.1.1.0, JT Utilities All versions V13.1.1.0, Solid Edge All versions V2023. The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this...