53 matches found
CVE-2024-39899
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication toke...
EUVD-2025-35820
The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access to functionality provided by the API due to a missing capability check on the verifyRequest function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, wi...
EUVD-2024-2387
Malicious code in bioql PyPI...
CVE-2024-0524
A vulnerability was found in CXBSoft Url-shorting up to 1.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument url leads to sql injection. The exploit has been disclosed to the public and may be used...
CVE-2024-0527
A vulnerability, which was classified as critical, has been found in CXBSoft Url-shorting up to 1.3.1. This issue affects some unknown processing of the file /admin/pages/updatego.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The...
Authorization Bypass
PrivateBin is vulnerable to Authorization Bypass. The vulnerability is exists due to insufficient authorization controls in the implementation of the YOURLS server-side proxy mechanism, The vulnerability allows any user to shorten URLs pointing to the configured PrivateBin instance, bypassing the...
PrivateBin allows shortening of URLs for other domains
In v1.5 we introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication token to the public, allowing anyone to shorten any URL. With the proxy mechanism, anyone can...
GHSA-MQQJ-FX8H-437J PrivateBin allows shortening of URLs for other domains
In v1.5 we introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication token to the public, allowing anyone to shorten any URL. With the proxy mechanism, anyone can...
CVE-2024-39899 PrivateBin allows shortening of URLs for other domains
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication toke...
CVE-2024-39899 PrivateBin allows shortening of URLs for other domains
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication toke...
CVE-2024-0527
CXBSoft Url-shorting
CVE-2024-0525
A vulnerability classified as critical has been found in CXBSoft Url-shorting up to 1.3.1. This affects an unknown part of the file /pages/longsshort.php of the component HTTP POST Request Handler. The manipulation of the argument longurl leads to sql injection. The exploit has been disclosed to...
CVE-2024-0524
A vulnerability was found in CXBSoft Url-shorting up to 1.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument url leads to sql injection. The exploit has been disclosed to the public and may be used...
CVE-2024-0524
A vulnerability was found in CXBSoft Url-shorting up to 1.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument url leads to sql injection. The exploit has been disclosed to the public and may be used...
CVE-2024-0525
A vulnerability classified as critical has been found in CXBSoft Url-shorting up to 1.3.1. This affects an unknown part of the file /pages/longsshort.php of the component HTTP POST Request Handler. The manipulation of the argument longurl leads to sql injection. The exploit has been disclosed to...
CVE-2024-0526
A vulnerability classified as critical was found in CXBSoft Url-shorting up to 1.3.1. This vulnerability affects unknown code of the file /pages/shorttolong.php of the component HTTP POST Request Handler. The manipulation of the argument shorturl leads to sql injection. The exploit has been...
Sql injection
A vulnerability classified as critical has been found in CXBSoft Url-shorting up to 1.3.1. This affects an unknown part of the file /pages/longsshort.php of the component HTTP POST Request Handler. The manipulation of the argument longurl leads to sql injection. The exploit has been disclosed to...
Sql injection
A vulnerability classified as critical was found in CXBSoft Url-shorting up to 1.3.1. This vulnerability affects unknown code of the file /pages/shorttolong.php of the component HTTP POST Request Handler. The manipulation of the argument shorturl leads to sql injection. The exploit has been...
CVE-2024-0526 CXBSoft Url-shorting HTTP POST Request short_to_long.php sql injection
A vulnerability classified as critical was found in CXBSoft Url-shorting up to 1.3.1. This vulnerability affects unknown code of the file /pages/shorttolong.php of the component HTTP POST Request Handler. The manipulation of the argument shorturl leads to sql injection. The exploit has been...
CVE-2024-0526
CXBSoft Url-shorting