19 matches found
Memory Allocation with Excessive Size Value
Overview: Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the endpoints.GetSessionCookie function. An attacker can exhaust system memory resources by sending specially crafted requests containing a large cookie chunk count, resulting in unbounded...
Memory Allocation with Excessive Size Value
Overview: Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the endpoints.GetSessionCookie function. An attacker can exhaust system memory resources by sending specially crafted requests containing a large cookie chunk count, resulting in unbounded...
zrok security vulnerability
Zrok is a secure internet sharing tool developed by OpenZiti. Versions of Zrok prior to 2.0.1 contained security vulnerabilities; these vulnerabilities stemmed from a lack of upper limit checks on the number of cookie blocks, which could lead to denial-of-service attacks...
zrok security vulnerability
Zrok is a secure internet sharing tool developed by OpenZiti. Versions of Zrok prior to 2.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of the text/template template engine without proper escaping of the refreshInterval parameter, which could lead to cross-sit...
EUVD-2025-6004
Malicious code in bioql PyPI...
EUVD-2025-6003
Malicious code in bioql PyPI...
CVE-2025-27500
OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint /api/upload on the admin panel can be accessed without any form of authentication. This endpoint accepts an HTTP POST to upload a file which is then stored on the node and is available via URL...
CVE-2025-27501
OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed without any form of authentication. This endpoint accepts a user-supplied URL parameter to connect to an OpenZiti Controller and performs a server-side...
CVE-2025-27501
OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed without any form of authentication. This endpoint accepts a user-supplied URL parameter to connect to an OpenZiti Controller and performs a server-side...
CVE-2025-27500
OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint /api/upload on the admin panel can be accessed without any form of authentication. This endpoint accepts an HTTP POST to upload a file which is then stored on the node and is available via URL...
CVE-2025-27501 Server Side Request Forgery in Ziti Console
OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed without any form of authentication. This endpoint accepts a user-supplied URL parameter to connect to an OpenZiti Controller and performs a server-side...
CVE-2025-27501
CVE-2025-27501 describes an unauthenticated SSRF in OpenZiti Console where an admin-panel endpoint accepts a user-supplied URL parameter to connect to an OpenZiti Controller, enabling server-side requests. Root cause: server-side request is triggered using a node’s identity via the parameter. Imp...
CVE-2025-27501 Server Side Request Forgery in Ziti Console
OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed without any form of authentication. This endpoint accepts a user-supplied URL parameter to connect to an OpenZiti Controller and performs a server-side...
CVE-2025-27500 Cross Site Scripting potential in Ziti Console
OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint /api/upload on the admin panel can be accessed without any form of authentication. This endpoint accepts an HTTP POST to upload a file which is then stored on the node and is available via URL...
CVE-2025-27500 Cross Site Scripting potential in Ziti Console
OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint /api/upload on the admin panel can be accessed without any form of authentication. This endpoint accepts an HTTP POST to upload a file which is then stored on the node and is available via URL...
CVE-2025-27500 Cross Site Scripting potential in Ziti Console
OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint /api/upload on the admin panel can be accessed without any form of authentication. This endpoint accepts an HTTP POST to upload a file which is then stored on the node and is available via URL...
CVE-2025-27500
CVE-2025-27500 affects OpenZiti Console. An unauthenticated POST to the admin endpoint /api/upload can upload files stored on the node, which can be accessed to trigger a stored XSS when viewed in a user’s browser. The issue is tied to the legacy node-server behavior of the admin panel; the funct...
OpenZiti Console code issue vulnerability
OpenZiti Console is an OpenZiti open source web interface for the management of an OpenZiti network. A code issue vulnerability exists in OpenZiti Console versions prior to 3.7.1 that stems from unauthenticated access to an endpoint and could lead to server-side request forgery...
OpenZiti Console cross-site scripting vulnerability
OpenZiti Console is an OpenZiti open source web interface for the management of an OpenZiti network. A cross-site scripting vulnerability exists in OpenZiti Console versions prior to 3.7.1, which stems from unauthenticated access to the /api/upload endpoint and could lead to a stored cross-site...