CubeCart 代码注入漏洞

CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had a code injection vulnerability. This vulnerability stemmed from insecure server-side template injections in multiple modules. The application evaluated user input directly through the...

open-notebook 安全漏洞

Open-Notebook is a privacy-oriented multi-model AI note-taking tool developed by Luis Novo. Version 1.8.3 of Open-Notebook contains a security vulnerability. This vulnerability stems from a lack of input validation, which may allow users to execute Python code and operating system commands on...

Beghelli Sicuro24 SicuroWeb 安全漏洞

Beghelli Sicuro24 SicuroWeb is a remote security monitoring and alarm management platform provided by the Italian company Beghelli. There are security vulnerabilities in Beghelli Sicuro24 SicuroWeb. These vulnerabilities stem from the inclusion of AngularJS 1.5.2, which contains known sandbox...

GitHub Security Lab: CodeQL query to detect Server-Side Template Injections (JavaScript)

This bug was reported directly to GitHub Security Lab...

h1-5411-CTF: Flag WriteUp

Hello everyone , here is my writeup : Intro First I decoded the QR Code of the tweet , decoding to Here you go: 68747470733a2f2f68312d353431312e68316374662e636f6d . Decoding the hex value we get the challenge URL : https://h1-5411.h1ctf.com Path traversal + local file read On the website I found...