63 matches found
CVE-2025-1026
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. Note: This is a bypass of the fix for CVE-2024-21549...
CVE-2025-1022
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the file URI e.g., file:../../../../etc/passwd. This is due to missing validations of the use...
EUVD-2024-3613
Malicious code in bioql PyPI...
EUVD-2025-0240
Malicious code in bioql PyPI...
EUVD-2025-9704
Malicious code in bioql PyPI...
EUVD-2022-5235
Malicious code in bioql PyPI...
EUVD-2024-3576
Malicious code in bioql PyPI...
EUVD-2024-3469
Malicious code in bioql PyPI...
Server Side Request Forgery (SSRF)
spatie/browsershot is vulnerable to Server-side Request Forgery SSRF. The vulnerability is due to a missing restriction on user input in the setUrl function, allowing attackers to access localhost and list its directories...
CVE-2025-3192
Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery SSRF in the setUrl function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories...
CVE-2025-3192
Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery SSRF in the setUrl function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories...
CVE-2025-3192
Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery SSRF in the setUrl function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories...
CVE-2025-3192
Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery SSRF in the setUrl function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories...
CVE-2025-3192
CVE-2025-3192 affects the Spatie/browsershot package with SSRF in the setUrl() function caused by insufficient input validation. Connected sources identify vulnerable ranges such as 0.0.0 (and up to 3.1 in PT-2025-14839) and, per GHSA guidance, from 0.0.0 to 5.0.3. The underlying issue allows an ...
PT-2025-14839 · Unknown · Spatie/Browsershot
Name of the Vulnerable Software and Affected Versions: spatie/browsershot versions 0.0.0 through 3.1 Description: The issue is related to Server-side Request Forgery SSRF in the setUrl function due to a missing restriction on user input. This enables attackers to access localhost and list all of...
CVE-2024-21547
Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. An attacker could read any file on the server by exploiting the normalization of \ into /...
CVE-2024-21549
Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file. Note:...
CVE-2024-21544
Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation in the setUrl method. An attacker can exploit this vulnerability by using leading whitespace %20 before the file:// protocol, resulting in Local File Inclusion, which...
CVE-2025-1026
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. Note: This is a bypass of the fix for CVE-2024-21549...
CVE-2025-1022
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the file URI e.g., file:../../../../etc/passwd. This is due to missing validations of the use...