PT-2025-47398
Name of the Vulnerable Software and Affected Versions: Mozart FM Transmitter version WEBMOZZI-00287. Description: The Mozart FM Transmitter web management interface version WEBMOZZI-00287 has an unrestricted file upload issue in the /patch.php endpoint. An attacker with administrative access can...
EUVD-2025-29517
Malicious code in bioql PyPI...
CVE-2025-51479
Authorization bypass in updateusergroup in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/manage/admin/user-group/id endpoint, bypassing intended curator-group assignment checks...
CVE-2025-27134 Privilege escalation in Joplin server via user patch endpoint
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint PATCH /api/users/:id t...
lunary PATCH Endpoint Authorization Issue Vulnerability
Lunary is an open source production toolkit for LLMs. Lunary has an authorization vulnerability that stems from improper management of PATCH endpoint privileges; an attacker can use this vulnerability to let low-privilege users modify other users' models...
Lunary Security Vulnerability
Lunary is an open source production toolkit for LLMs. Lunary has an authorization vulnerability that stems from improper management of PATCH endpoint privileges; an attacker can use this vulnerability to let low-privilege users modify other users' models...
CVE-2024-0551
Enable exports of the database and associated exported information of the system via the default user role. The attacker would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for...
GHSA-R6WX-627V-GH2F Directus has an HTML Injection in Comment
Summary: The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client side, which can be bypassed, making the application vulnerable to HTML injection. Details: The Comment feature implements a...
PT-2024-24088 · Unknown · Psitransfer
Name of the Vulnerable Software and Affected Versions: PsiTransfer versions prior to 2.2.0 Description: The issue arises from the absence of restrictions on the PATCH /files/id endpoint, which is designed for uploading files. This allows an attacker who has received the id of a file distribution ...