24 matches found
Directory Traversal
Overview @payloadcms/storage-gcs is a Payload storage adapter for Google Cloud Storage Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of filenames in the client-upload signed-URL endpoints for S3, GCS, Azure, and R2. An attacker can escape th...
GHSA-FRQ9-7J6G-V74X Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints
Impact The client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize filenames. An attacker could craft filenames to escape the intended storage location. Consumers are affected if ALL of these are true: - Payload version v3.78.0 - Using client-upload signed-URL...
EUVD-2026-18019
Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints...
CVE-2026-34750 Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints
Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize...
EUVD-2023-43009
Malicious code in bioql PyPI...
CVE-2024-29199
Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated anonymous users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration...
Improper Access Control
nautobot is vulnerable to Improper Access Control. The vulnerability is due to inadequate access control mechanisms where several Nautobot URL endpoints will not disclose any Nautobot data unless the configuration variable EXEMPTVIEWPERMISSIONS is modified from its default value, allowing...
CVE-2024-29199
Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated anonymous users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration...
Unauthenticated views may expose information to anonymous users
Impact A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated anonymous users, including the following: - /api/graphql/ 1 - /api/users/users/session/ Nautobot 2.x only; the only information exposed to an anonymous user is which authentication backend classes...
CVE-2023-41711
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash...
Stack overflow
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash...
Stack overflow
SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash...
Stack overflow
SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash...
CVE-2023-41711
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash...
CVE-2023-41711
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash...
CVE-2023-39280
SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash...
CVE-2023-39280
SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash...
CVE-2023-39277
SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash...
CVE-2023-39277
CVE-2023-39277 is a SonicWall SonicOS post-authentication stack-based buffer overflow affecting the sonicflow.csv and appflowsessions.csv endpoints, which can cause a firewall crash. The Nessus/NVD entries describe it as one of multiple stack-based overflow issues in SonicOS management web interf...
CVE-2023-39277
SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash...