104 matches found
CVE-2025-47945
Donetick an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens JWT for authentication, but the signing secret has a weak default value. While the responsibility is left to the system administrator to change it, this approach is inadequate...
CVE-2025-47945
Donetick is an open‑source task/chores app. Before v0.1.44, it uses JWT authentication with a weak default signing secret, enabling potential full account takeover of any user. The live version confirms the issue. A patch is available in v0.1.44; recommended mitigation is upgrading to 0.1.44 or l...
CVE-2025-47945 Donetick Has Weak Default JWT Secret
Donetick an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens JWT for authentication, but the signing secret has a weak default value. While the responsibility is left to the system administrator to change it, this approach is inadequate...
Snowbridge 安全漏洞
Snowbridge is an open source application from Snowplow. A security vulnerability exists in Snowbridge that stems from an invalid GTM SS preview header that could lead to infinite event retries...
Aliconnect 安全漏洞
Aliconnect is an application in the Aliconnect open source. A security vulnerability exists in Aliconnect version 0.0.6, which stems from prototype contamination and could lead to arbitrary code execution...
InvoicePlane 安全漏洞
InvoicePlane is an application from InvoicePlane Open Source. Provides a self-hosted open source application for managing your quotes, invoices, customers and payments. A security vulnerability exists in InvoicePlane 1.6.11 and prior versions that originates from remote code execution...
LiteLLM Resource Management Error Vulnerability
LiteLLM is a Berri AI open source application. All LLM APIs can be called using the OpenAI format. LiteLLM has a resource management error vulnerability that stems from an insecure parsing of user input in ast.literaleval, which can be exploited by an attacker to cause a denial of service...
CVE-2025-27417 WeGIA Contains a Stored Cross-Site Scripting (XSS) in 'adicionar_status_atendido.php' via the 'status' parameter
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionarstatusatendido.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into...
CVE-2025-26605 SQL Injection endpoint 'deletar_cargo.php' parameter 'id_cargo' in WeGIA
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletarcargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access...
Dumb Drop 安全漏洞
Dumb Drop is an open source application from DumbWare. A security vulnerability exists in Dumb Drop that stems from OS command injection and could allow an attacker to remotely execute arbitrary code...
CVE-2025-23032 Cross-Site Scripting (XSS) Stored endpoint 'adicionar_escala.php' parameter 'escala' in WeGIA
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionarescala.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts int...
Nextcloud Resource Management Error Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from a resource management error vulnerability that stems from the fact that due to a pre-sent HEAD request, the link reference provider...
ImportDump 安全漏洞
ImportDump is an open source application from Miraheze. A security vulnerability exists in ImportDump, which stems from the fact that a user on another wiki can act as the original wiki requester if the user on the other wiki happens to have the same participant ID as a user on this wiki...
Distro Linux Workbooth 访问控制错误漏洞
Distro Linux Workbooth is an open source application for Distro Linux. An access control error vulnerability exists in Distro Linux Workbooth version v2.5, which originates from allowing privileges to be elevated to the root user via manipulation of network configuration scripts...
CVE-2024-29179 phpMyFAQ Stored Cross-site Scripting at File Attachments
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks...
CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp
Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang !/bin/zsh is being used...
onpremises Cross-Site Scripting Vulnerability
onpremises is an open source application from Structurizr. A cross-site scripting vulnerability exists in versions prior to onpremises 3194. An attacker could exploit this vulnerability to perform cross-site scripting attacks...
GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the discovery o...
CVE-2023-37275 System logs spoofable in Auto-GPT via ANSI control sequences
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...
CVE-2023-37275 System logs spoofable in Auto-GPT via ANSI control sequences
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...