7 matches found
PYSEC-2026-346 gramps-webapi: Zip Slip Path Traversal in Media Archive Import
Summary A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...
PT-2026-48481
Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.0.0 through 2.0.13 Description A cross-site request forgery CSRF issue exists where a cross-site GET request can trigger stored cron commands on a victim's agents. The dashboard exposes a manual-trigger action via t...
PT-2026-45486
Name of the Vulnerable Software and Affected Versions praisonai-platform versions prior to 0.1.4 Description A privilege escalation flaw exists in the PraisonAI Platform that allows any workspace member to grant owner-level privileges to arbitrary users. The issue stems from the POST...
Nextcloud: Can download files on Android app without permission
A vulnerability was discovered in the Android app where users could download files shared with them, even if the owner had disabled the download option. The vulnerability affected various file types, including PDF, document, image, and presentation files. The vulnerability allowed users to access...
CVE-2021-36097
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions...
CVE-2018-13663
The mintToken function of a smart contract implementation for BSCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
CVE-2018-13759
The mintToken function of a smart contract implementation for BIGCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...