9 matches found

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2023-1980

Malicious code in bioql PyPI...

6.5 CVSS, 4.7 AI score, 0.01098 EPSS
Exploits 1, References 6
RedhatCVE
added 2025/05/23 2:15 a.m., 6 views

CVE-2023-3566

A vulnerability was found in wallabag 2.5.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /config of the component Profile Config. The manipulation of the argument Name leads to allocation of resources. The exploit has been disclosed ...

6.5 CVSS, 6.7 AI score, 0.01098 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/05/23 1:55 a.m., 10 views

CVE-2023-0737

wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4...

6.5 CVSS, 6.7 AI score, 0.00304 EPSS
Exploits 1, References 1
Veracode
added 2024/11/28 10:19 a.m., 10 views

Cross-site Request Forgery (CSRF)

wallabag is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to insufficient request validation, allowing attackers to arbitrarily delete user accounts via the /account/delete endpoint...

6.5 CVSS, 7 AI score, 0.00304 EPSS
Exploits 1, References 3, Affected Software 1
Veracode
added 2023/08/22 3:6 a.m., 18 views

Cross-Site Request Forgery (CSRF)

wallabag/wallabag is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to the lack of a CSRF token in the resetAction function of ConfigController.php, which allows an attacker to arbitrarily delete the victim user's annotations, entries and tags by sending GET requests ...

5.7 CVSS, 6.8 AI score, 0.00234 EPSS
Exploits 1, References 4, Affected Software 1
OSV
added 2023/08/21 12:30 p.m., 3 views

GHSA-RWPG-4C4C-V3R4 Duplicate Advisory: Wallabag user can reset data unintentionally

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-p8gp-899c-jvq9. This link is maintained to preserve external references. Original Description: Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3...

4.3 CVSS, 5.6 AI score, 0.00234 EPSS
Exploits 1, References 3
CNNVD
added 2023/07/10 12:0 a.m., 5 views

wallabag security vulnerability

wallabag is a web application that allows you to save web pages for later reading. A security vulnerability exists in wallabag version 2.5.4, which stems from the parameter Name in the file /config that causes resource allocation...

6.5 CVSS, 5.2 AI score, 0.01098 EPSS
Exploits 1, References 6
Positive Technologies
added 2023/03/05 12:0 a.m., 2 views

PT-2023-16488 · Wallabag · Wallabag

Name of the Vulnerable Software and Affected Versions: wallabag versions prior to 2.5.4. Description: The issue is related to improper authorization in the wallabag GitHub repository. Recommendations: For versions prior to 2.5.4, update to version 2.5.4 or later to resolve the issue...

7.3 CVSS, 5.9 AI score, 0.00498 EPSS
Exploits 1, References 8
Positive Technologies
added 2023/02/01 12:0 a.m., 3 views

PT-2023-16400 · Wallabag · Wallabag

Name of the Vulnerable Software and Affected Versions: wallabag versions prior to 2.5.3. Description: The issue concerns improper authorization in the wallabag GitHub repository. Specifically, the annotations feature allows users to add annotations on highlighted parts of an entry. However, the...

5.4 CVSS, 4.6 AI score, 0.00444 EPSS
Exploits 1, References 10