GO-2026-4573 ZITADEL's truncated opaque tokens are still valid in github.com/zitadel/zitadel

ZITADEL's truncated opaque tokens are still valid in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

Unrestricted file upload

OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute...

CVE-2023-48031

OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions by manipulating the file’s magic bytes to masquerade a .bat as an allowed type, enabling arbitrary code execution or a reverse shell and lea...

CVE-2023-48031

OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute...