6 matches found
Authorization Bypass Through User-Controlled Key
Overview @studiocms/s3-storage is an Add S3 Storage Support into your StudioCMS project. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to higher-privileged accounts by...
CVE-2025-55745
UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...
CVE-2025-55745
CVE-2025-55745 affects UnoPim (Laravel-based PIM). Versions 0.3.0 and earlier are vulnerable to CSV/Formula Injection in Quick Export, allowing malicious content in exported CSVs to be interpreted as formulas, potentially enabling remote code execution (including reverse shells). Remediation: upg...
CVE-2025-55745 UnoPim Quick Export feature is vulnerable to CSV injection
UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...
Arbitrary File Upload
Overview podcastfy is an An Open Source alternative to NotebookLM's podcast feature: Transforming Multimodal Content into Captivating Multilingual Audio Conversations with GenAI Affected versions of this package are vulnerable to Arbitrary File Upload through allowing image loading from local pat...
PT-2023-26896 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions 0.2.15 through 0.3.0 Description: The issue arises from the incorrect allocation of named re-entrancy locks in Vyper versions 0.2.15, 0.2.16, and 0.3.0. Each function using a named re-entrancy lock gets a unique lock regardless...