Lucene search
+L

5 matches found

Github Security Blog
Github Security Blog
added 2026/05/04 9:19 p.m.20 views

AzuraCast Vulnerable to Liquidsoap Code Injection via Incomplete cleanUpString-to-toRawString Migration in Remote Relay Password Field

Summary The cleanUpString method in ConfigWriter.php uses an ungreedy regex to strip Liquidsoap string interpolation patterns ... from user input. This regex can be bypassed via nested interpolation syntax EXPR, allowing injection of arbitrary Liquidsoap code. Commit ff49ef4 migrated most...

6.4AI score
Exploits0References3Affected Software1
Prion
Prion
added 2024/01/03 5:15 p.m.25 views

Design/Logic Flaw

CubeFS is an open-source cloud-native file storage system. A vulnerability was found during in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS...

2.6CVSS6.9AI score0.00353EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/01/03 4:15 p.m.36 views

CVE-2023-46739 Timing attack can leak user passwords

CubeFS is an open-source cloud-native file storage system. A vulnerability was found during in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS...

6.5CVSS6AI score0.00353EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/01/03 4:13 p.m.33 views

CubeFS timing attack can leak user passwords

A vulnerability was found during in the CubeFS master component that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS used raw string comparison of passwords. The vulnerable part of CubeFS was the...

6.5CVSS7AI score0.00353EPSS
Exploits0References5Affected Software1
AlpineLinux
AlpineLinux
added 2020/01/16 3:55 a.m.72 views

CVE-2020-7106

Cacti 1.2.8 has stored XSS in datasources.php, colortemplatesitem.php, graphs.php, graphitems.php, lib/apiautomation.php, useradmin.php, and usergroupadmin.php, as demonstrated by the description parameter in datasources.php a raw string from the database that is displayed by $header to trigger t...

6.1CVSS7.2AI score0.02139EPSS
Exploits1References11
Rows per page
Query Builder