31 matches found
CVE-2026-44577 Next.js: Denial of Service in the Image Optimization API
Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could...
CVE-2025-23214
Cosmos provides users the ability to self-host a home server by acting as a secure gateway to your applications, as well as a server manager. By monitoring the error code returned by the login endpoint, it is possible to figure out whether a user exists in the database. Patched in 0.17.7...
EUVD-2025-23660
Malicious code in bioql PyPI...
EUVD-2025-26598
Malicious code in bioql PyPI...
CVE-2025-58351 Outline's Local File Storage Feature can Cause CSP Bypass
Outline is a service that allows for collaborative documentation. In versions 0.72.0 through 0.83.0, Outline introduced a feature which facilitates local file system storage capabilities as an optional file storage strategy. This feature allowed a CSP bypass as well as a ContentType bypass that...
PT-2025-35656
Name of the Vulnerable Software and Affected Versions: Outline versions 0.72.0 through 0.83.0 Description: Outline, a collaborative documentation service, introduced a local file system storage feature in versions 0.72.0 through 0.83.0. This feature introduced a Content-Type bypass and a Cross-Si...
Malicious code in ace-one-widget-self-hosting (npm)
The package ace-one-widget-self-hosting was found to contain malicious code...
MAL-2025-13992 Malicious code in ace-one-widget-self-hosting (npm)
The package ace-one-widget-self-hosting was found to contain malicious code...
CVE-2025-23214 Cosmos userbase checking vulnerability
Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database. Patched in 0.17.7...
Cosmos security vulnerability
Cosmos is a method of self-hosting home servers by the individual developer Yann Stepienik, designed to address the growing concern of vulnerable self-hosted applications and personal servers. A security vulnerability exists in versions of Cosmos prior to 0.17.7. An attacker exploiting the...
SSOReady has an XML Signature Bypass via differential XML parsing
Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out a signature bypass if they have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of...
GHSA-J2HR-Q93X-GXVH SSOReady has an XML Signature Bypass via differential XML parsing
Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out a signature bypass if they have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of...
CVE-2024-47180
Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version server-2024-09-25 are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic...
CVE-2024-47180 Shields.io Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges
Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version server-2024-09-25 are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic...
CVE-2024-47170 Agnai File Disclosure Vulnerability: JSON via Path Traversal
Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information an...