4 matches found
CVE-2025-27850
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...
PT-2026-40795
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...
CVE-2025-27850
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...
CVE-2025-61417
Cross-Site Scripting XSS vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/mediamanager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to...