Lucene search
K

6 matches found

Snyk
Snyk
added 2026/03/12 2:49 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview @studiocms/s3-storage is an Add S3 Storage Support into your StudioCMS project. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to higher-privileged accounts by...

7.2CVSS5.8AI score0.00344EPSS
Exploits1References2
NVD
NVD
added 2025/08/22 5:15 p.m.6 views

CVE-2025-55745

UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...

8.8CVSS0.00576EPSS
Exploits1References2
CVE
CVE
added 2025/08/22 4:14 p.m.29 views

CVE-2025-55745

CVE-2025-55745 affects UnoPim (Laravel-based PIM). Versions 0.3.0 and earlier are vulnerable to CSV/Formula Injection in Quick Export, allowing malicious content in exported CSVs to be interpreted as formulas, potentially enabling remote code execution (including reverse shells). Remediation: upg...

8.8CVSS7.3AI score0.00576EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/08/22 4:14 p.m.5 views

CVE-2025-55745 UnoPim Quick Export feature is vulnerable to CSV injection

UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...

5.5CVSS7.6AI score0.00576EPSS
Exploits1References4
Snyk
Snyk
added 2024/12/01 6:38 a.m.1 views

Arbitrary File Upload

Overview podcastfy is an An Open Source alternative to NotebookLM's podcast feature: Transforming Multimodal Content into Captivating Multilingual Audio Conversations with GenAI Affected versions of this package are vulnerable to Arbitrary File Upload through allowing image loading from local pat...

8.7CVSS7.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/08/07 12:0 a.m.5 views

PT-2023-26896 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.2.15 through 0.3.0 Description: The issue arises from the incorrect allocation of named re-entrancy locks in Vyper versions 0.2.15, 0.2.16, and 0.3.0. Each function using a named re-entrancy lock gets a unique lock regardless...

9.1CVSS7.1AI score0.00706EPSS
Exploits1References14
Rows per page
Query Builder