19 matches found
SUSE CVE-2026-33221
Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type,...
CVE-2026-33221
Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type,...
GO-2026-4759 Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload in github.com/nhost/nhost
Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload in github.com/nhost/nhost...
CVE-2026-33221 Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload
Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type,...
CVE-2026-33221 Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload
Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type,...
GHSA-G9F6-9775-HFFM Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload
Summary The storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type, bypassing any MIME-type-based restrictions configured on storage buckets...
Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload
Summary The storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type, bypassing any MIME-type-based restrictions configured on storage buckets...
PT-2026-24115
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.31.5 Description Budibase is a low code platform used for creating internal tools, workflows, and admin panels. A path traversal flaw exists in the PWA Progressive Web App ZIP processing endpoint, specifically at...
CVE-2025-65112
PubNet is a self-hosted Dart/Flutter package service. CVE-2025-65112 concerns the /api/storage/upload endpoint, which prior to version 1.1.3 allowed unauthenticated users to upload packages using arbitrary author-id values, enabling identity spoofing and privilege escalation. Public advisories fr...
CVE-2025-65112 PubNet Critical Authentication Bypass Allows Unauthenticated Package Upload and Identity Spoofing
PubNet is a self-hosted Dart & Flutter package service. Prior to version 1.1.3, the /api/storage/upload endpoint in PubNet allows unauthenticated users to upload packages as any user by providing arbitrary author-id values. This enables identity spoofing, privilege escalation, and supply chain...
PubNet 安全漏洞
PubNet is a self-hosted package repository for the individual developer Ricardo Boss. A security vulnerability exists in PubNet versions prior to 1.1.3, which stems from an unauthenticated /api/storage/upload endpoint that could lead to identity spoofing and elevation of privilege...
PT-2025-48350
Name of the Vulnerable Software and Affected Versions PubNet versions prior to 1.1.3 Description PubNet is a self-hosted Dart & Flutter package service. The /api/storage/upload endpoint allows unauthenticated users to upload packages as any user by providing arbitrary author-id values. This enabl...
EUVD-2025-24059
Malicious code in bioql PyPI...
CVE-2025-8764
A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2025-8764
A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2025-8764 linlinjava litemall upload unrestricted upload
A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2025-8764 linlinjava litemall upload unrestricted upload
A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclose...
litemall 代码问题漏洞
litemall is a small shopping mall system for linlinjava individual developers. A code issue vulnerability exists in litemall 1.8.0 and earlier versions, which stems from improper handling of the parameter File in the file /wx/storage/upload, which could lead to unlimited uploads...
Saferwall - A Hackable Malware Sandbox For The 21St Century
Saferwall is an open source malware analysis platform. It aims for the following goals: Provide a collaborative platform to share samples among malware researchers. Acts as a system expert, to help researchers generates an automated malware analysis report. Hunting platform to find new malwares...