13 matches found
CVE-2023-49099
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4...
EUVD-2017-9503
Malware in sbrugna...
EUVD-2023-53108
Malicious code in bioql PyPI...
CVE-2025-53709
Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service is only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...
CVE-2025-53709
The CVE-2025-53709 entries describe a privilege/authorization issue in Palantir Secure-upload, a data submission service installed on a limited set of environments. Affected component: Secure-upload before version 0.815.0. Reported problems include: privileged users could select email templates n...
CVE-2025-53709 Access control issues impacting secure-upload service
Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service is only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...
CVE-2025-53709 Access control issues impacting secure-upload service
Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service is only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...
Palantir secure-upload authorization issue vulnerability
Palantir secure-upload is an upload component from Palantir USA. A security vulnerability exists in Palantir secure-upload versions prior to 0.815.0 that stems from a privileged user potentially abusing the endpoint redirection submission channel and an unauthenticated user potentially enumeratin...
BIT-DISCOURSE-2023-49099 Discourse secure uploads accessible to guests even when login is required
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4...
CVE-2023-49099 Discourse secure uploads accessible to guests even when login is required
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4...
Discourse access control error vulnerability
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. Discourse suffers from a security vulnerability that can be exploited by an attacker to access a secure upload URL associated with a post...
Accela Civic Platform Citizen Access portal contains multiple vulnerabilities
Overview: Accela Civic Platform Citizen Access portal contains cross-site scripting and arbitrary file upload vulnerabilities. Description: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2016-5660 Accela Civic Platform Citizen Access portal contains ...
osTicket 1.9.12 XSS / File Upload / Access Bypass / Session Fixation
============================================= - Release date: February 04th, 2016 - Discovered by: Giovanni Cerrato and Enrico Cinquini - Severity: High ============================================= I. VULNERABILITY ------------------------- osTicket multiple vulnerabilities. II. INTRODUCTION...