25 matches found
CVE-2026-7142
A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...
Scramble Code Injection Vulnerability
Scramble is a tool developed by de:doc for automatically generating API documentation for Laravel projects. Versions of Scramble from 0.13.2 to 0.13.22 contained a code injection vulnerability. This vulnerability stemmed from the exposed documentation endpoints and the use of validation rules tha...
EUVD-2026-25893
A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...
PT-2026-35460
A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function add or update script of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit ha...
CVE-2026-24048
CVE-2026-24048 affects Backstage FetchUrlReader in @backstage/backend-defaults prior to v0.12.2, v0.13.2, v0.14.1, and v0.15.0. The component would follow HTTP redirects, enabling an attacker who controls a host in backend.reading.allow to redirect requests to internal/sensitive URLs outside the ...
CVE-2023-4697
Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2...
EUVD-2024-2512
Malicious code in bioql PyPI...
EUVD-2023-2530
Malicious code in bioql PyPI...
EUVD-2023-2475
Malicious code in bioql PyPI...
CVE-2025-58357 5ire Chat Message XSS Vulnerability Enables Remote Code Execution
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Version 0.13.2 contains a vulnerability in the chat page's script gadgets that enables content injection attacks through multiple vectors: malicious prompt injection pages, compromised MCP server...
PT-2025-35861
Name of the Vulnerable Software and Affected Versions: 5ire version 0.13.2; 5ire versions prior to 0.14.0. Description: 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. A flaw exists in the chat page's script gadgets that allows content injection...
CVE-2024-29028
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited HTML values in JSON form. This vulnerability is fixed in 0.16.1...
CVE-2024-29030
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file...
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current...
GHSA-9CQM-MGV9-VV9J memos vulnerable to Server-Side Request Forgery and Cross-site Scripting
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current...
WordPress Inline Google Spreadsheet Viewer plugin <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Inline Google Spreadsheet Viewer versions <= 0.13.2...
memos Security Vulnerability
memos is an open source hosted memos center with knowledge management and social features. A security vulnerability exists in memos version 0.13.2, which originates in /api/resource and allows authenticated users to enumerate the internal network...
CVE-2023-4698 Improper Input Validation in usememos/memos
Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2...
memos Access Control Error Vulnerability
memos is an open source hosted memo center with knowledge management and social features. An Access Control Error vulnerability exists in memos versions prior to 0.13.2, which stems from incorrect access control...