9 matches found
EUVD-2023-1980
Malicious code in bioql PyPI...
CVE-2023-3566
A vulnerability was found in wallabag 2.5.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /config of the component Profile Config. The manipulation of the argument Name leads to allocation of resources. The exploit has been disclosed ...
CVE-2023-0737
wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4...
Cross-site Request Forgery (CSRF)
wallabag is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to insufficient request validation, allowing attackers to arbitrarily delete user accounts via the /account/delete endpoint...
Cross-Site Request Forgery (CSRF)
wallabag/wallabag is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to the lack of a CSRF token in the resetAction function of ConfigController.php, which allows an attacker to arbitrarily delete the victim user's annotations, entries and tags by sending GET requests ...
GHSA-RWPG-4C4C-V3R4 Duplicate Advisory: Wallabag user can reset data unintentionally
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-p8gp-899c-jvq9. This link is maintained to preserve external references. Original Description: Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3...
wallabag security vulnerability
wallabag is a web application that allows you to save web pages for later reading. A security vulnerability exists in wallabag version 2.5.4, which stems from the parameter Name in the file /config that causes resource allocation...
PT-2023-16488 · Wallabag · Wallabag
Name of the Vulnerable Software and Affected Versions: wallabag versions prior to 2.5.4. Description: The issue is related to improper authorization in the wallabag GitHub repository. Recommendations: For versions prior to 2.5.4, update to version 2.5.4 or later to resolve the issue...
PT-2023-16400 · Wallabag · Wallabag
Name of the Vulnerable Software and Affected Versions: wallabag versions prior to 2.5.3. Description: The issue concerns improper authorization in the wallabag GitHub repository. Specifically, the annotations feature allows users to add annotations on highlighted parts of an entry. However, the...