3 matches found
EUVD-2026-31936
Kavita is a cross platform reading server. Prior to 0.9.0, the ReaderController.GetImage endpoint is decorated with AllowAnonymous, allowing completely unauthenticated access to page images from any chapter in any library. While the endpoint accepts an apiKey parameter, it is never validated. Sin...
EUVD-2001-1469
Malware in sbrugna...
WPanel 代码问题漏洞
WPanel is a CMS for building blogs, websites, and web applications. A security vulnerability exists in WPanel 4 4.3.1 and lower, which originates from uploading 1 dashboard avatar images, 2 post folder images, 3 page folder images, and 4 gallery folder images via malicious PHP files...