10 matches found
PT-2026-28505
Name of the Vulnerable Software and Affected Versions: Fireshare versions prior to 1.5.2 Description: Fireshare facilitates self-hosted media and link sharing. Version 1.5.1 contains an authenticated path traversal vulnerability in the chunked upload endpoint. The checkSum multipart field is used...
CVE-2025-24285
Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite. Affected Products: UniFi Connect EV Station Lite Version 1.5.1 and earlier Mitigation: Update UniFi...
CVE-2025-24285
CVE-2025-24285 affects UniFi Connect EV Station Lite (versions 1.5.1 and earlier). The issue is described as multiple improper input validation vulnerabilities that may allow a malicious actor with network access to perform command injection on the EV Station Lite. The CVSS 3.1 score is listed as...
CVE-2025-24285
Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite. Affected Products: UniFi Connect EV Station Lite Version 1.5.1 and earlier Mitigation: Update UniFi...
PT-2025-34171 · Ubiquiti · Unifi Connect Ev Station Lite
Name of the Vulnerable Software and Affected Versions: UniFi Connect EV Station Lite versions 1.5.1 and earlier Description: Multiple improper input validation vulnerabilities may allow a malicious actor with network access to execute commands on the UniFi Connect EV Station Lite. Recommendations...
Improper Input Validation
Overview: alextselegidis/easyappointments is a powerful Open Source Appointment Scheduler that can be installed on your server. Affected versions of this package are vulnerable to Improper Input Validation via the register function; an attacker has the ability to schedule appointments with exceptional...
SQL Injection
Overview: python-sql is a library to write SQL queries. Affected versions of this package are vulnerable to SQL Injection due to improper escape of non-Expression for unary operators. Remediation: Upgrade python-sql to version 1.5.2 or higher. References: Commit, Issue, Security Release. Credit:...
PT-2024-4050 · Grafana · Grafana Oncall
Name of the Vulnerable Software and Affected Versions: Grafana OnCall versions 1.1.37 through 1.5.1 Description: The issue is related to insufficient validation of incoming requests in the webhook functionality of Grafana OnCall, which can allow a remote attacker to perform a Server Side Request...
PT-2024-22368 · Corewcf · Corewcf
Name of the Vulnerable Software and Affected Versions: CoreWCF versions prior to 1.4.2; CoreWCF versions prior to 1.5.2 Description: The issue affects NetFraming based CoreWCF services, where extra system resources could be consumed by connections being left established instead of closing or...
PT-2022-13183 · Grunt +3 · Grunt +3
Name of the Vulnerable Software and Affected Versions: Grunt versions prior to 1.5.2 Description: The issue is related to path traversal in the Grunt GitHub repository. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents...