5 matches found
BIT-AUTHENTIK-2024-47077 authentik cross-provider token validation problems
authentik is an open-source identity provider. Prior to versions 2024.8.3 and 2024.6.5, access tokens issued to one application can be stolen by that application and used to impersonate the user against any other proxy provider. Also, a user can steal an access token they were legitimately issued...
EUVD-2020-18822
Malware in sbrugna...
CVE-2024-54461
The file names constructed within fileselector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from that provider while using your app and could...
LlamaIndex Code Injection Vulnerability
LlamaIndex is a data framework for LLM applications by the individual developer Jerry Liu. A code injection vulnerability exists in LlamaIndex version 0.9.47, which stems from improper use of the eval function and allows a malicious or compromised LLM hosting provider to execute arbitrary command...
Tianjin Jin Yi Fang Network Information Technology Co., Ltd. Yi Fang Network APP has information leakage vulnerability
Bfang.com app is the exclusive software for registered users of Tianjin Bfang.com. Covering a wealth of real estate, houses, high-rise, villas, SOHO, stores. CAPTCHA information leakage: This vulnerability is mainly in the registration, the server will return the verification code to the client,...