3 matches found
CVE-2025-23208
zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database meta.db is an append-list so group revocations/removals are ignored in the API. SetUserGroups is alled on login, but instead of replacing the group memberships, they are appended...
CVE-2025-23208 IdP group membership revocation ignored in zot
zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database meta.db is an append-list so group revocations/removals are ignored in the API. SetUserGroups is alled on login, but instead of replacing the group memberships, they are appended...
PT-2024-28731 · Npm · @Jmondi/Url-To-Png
Name of the Vulnerable Software and Affected Versions: @jmondi/url-to-png versions prior to 2.1.2 Description: The issue arises from the lack of sanitization of the ImageId input in the code, leading to a path traversal vulnerability. This allows an attacker to store an image in an arbitrary...