4 matches found
EUVD-2025-111991
Malicious code in karma-upgrade-backend-hermes npm...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to inconsistent checks in the backend routing. An attacker can gain unauthorized access to backend AJAX routes by directly invoking them without proper permissions. Note: Additional fixed versions are available...
CVE-2023-47633
Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization by exposing restricted items in the backend page tree to be viewed by other users, if the mounts pointed to pages restricted for their user/group or if permissions were set to "everybody". Remediation Upgrade...