5 matches found
PT-2026-24434
LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL LinkRepository::create calls HtmlMeta::getFromUrl. The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...
CyberData 011209 SIP Emergency Intercom
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, cause a denial-of-service condition, or achieve code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation...
GHSA-QX9M-27WH-7FJG Downloads Resources over HTTP in jvminstall
Affected versions of jvminstall insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-3X83-P476-VV95 Downloads Resources over HTTP in selenium-standalone-painful
Affected versions of selenium-standalone-painful insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
GHSA-5PQ8-2Q24-MJ3P Downloads Resources over HTTP in fis-parser-sass-bin
Affected versions of fis-parser-sass-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...