sharp 安全漏洞

Sharp is a personal development tool by Lovell, designed to convert large images in common formats into smaller, web-friendly JPEG, PNG, WebP, GIF, and AVIF images. Versions of Sharp from 9.0.0 to 9.22.3 contained a security vulnerability. This vulnerability stemmed from the create and store...

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication and permission checks at the OpenAI Assistants Vector Store...

SUSE CVE-2025-70849

Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy CSP or adequate Content-Type validation, leading to Stored...

Podinfo affected by Arbitrary File Upload that leads to Stored Cross-Site Scripting (XSS)

Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy CSP or adequate Content-Type validation, leading to Stored...

GHSA-MW8W-Q3F7-2V85 Podinfo affected by Arbitrary File Upload that leads to Stored Cross-Site Scripting (XSS)

Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy CSP or adequate Content-Type validation, leading to Stored...

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the store endpoint. An attacker can execute arbitrary scripts in the context of users by uploading specially crafted files that are rendered without proper content validation. Remediation There is no fixed...

CVE-2025-70849

Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy CSP or adequate Content-Type validation, leading to Stored...

CVE-2025-70849

Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy CSP or adequate Content-Type validation, leading to Stored...

Exploit for CVE-2025-70849

CVE-2025-70849-Podinf...

CVE-2025-70849

Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy CSP or adequate Content-Type validation, leading to Stored...

CVE-2025-70849

Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy CSP or adequate Content-Type validation, leading to Stored...

EUVD-2025-206697

Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy CSP or adequate Content-Type validation, leading to Stored...

PT-2026-5988

Name of the Vulnerable Software and Affected Versions podinfo versions through 6.9.0 Description An issue exists in podinfo that allows unauthenticated attackers to upload arbitrary files through a crafted POST request to the /store endpoint. The application renders uploaded content without a...

📄 Podinfo 6.10.0 Cross Site Scripting

Podinfo versions 6.10.0 and below suffer from a cross site scripting vulnerability. CVE-2025-70849: Stored XSS in Podinfo Summary A security vulnerability CWE-79 was identified in Podinfo, a web application for demonstrating Kubernetes microservices. The /store feature allows unauthenticated user...

CVE-2023-27707

SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank parameter in the /dede/groupstore.php endpoint...

Information Exposure

Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Information Exposure via the store-api endpoint. An attacker can determine if an email address is registered by observing the response from the /store-api/account/recovery-password...

Information Exposure

Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Information Exposure via the store-api endpoint. An attacker can determine if an email address is registered by observing the response from the...

pgAdmin 跨站脚本漏洞

pgAdmin is an open source management and development platform for the open source database PostgreSQL. A cross-site scripting vulnerability exists in pgAdmin 8.5 and earlier versions, which stems from a cross-site scripting vulnerability in the /settings/store endpoint that responds to a json loa...

PT-2024-20842 · Unknown · Niushop B2B2C

Name of the Vulnerable Software and Affected Versions: Niushop B2B2C V5 affected versions not specified Description: The issue allows attackers to run arbitrary SQL commands via latitude and longitude parameters in the /app/api/controller/Store.php endpoint. This enables potential exploitation fo...