5 matches found
CVE-2025-48370
auth-js is an isomorphic JavaScript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user-supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...
CVE-2025-48370 auth-js Vulnerable to Insecure Path Routing from Malformed User Input
auth-js is an isomorphic JavaScript library for Supabase Auth. Prior to version 2.69.1, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user-supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...
IssabelPbx Cross-Site Request Forgery Vulnerability
IssabelPbx is an open source graphical user interface (GUI) from the Issabel Foundation. It is used to control and manage Asterisk PBX. A security vulnerability exists in Issabel issabel-pbx version v.4.0.0-6 that allows remote attackers to gain privileges via...
Citrix Gateway and Citrix ADC Authorization Issue Vulnerability
Citrix Systems Citrix Gateway (Citrix Systems NetScaler Gateway) and Citrix ADC are both products of Citrix Systems, Inc. Citrix Gateway is a secure remote access solution. The product provides administrators with application-level and data-level controls to enable users to remotely access...
CVE-2020-28858
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions...