5 matches found
CVE-2026-61835 Directus: SSRF Protection Bypass via 0.0.0.0 in File Import
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, the SSRF protection on Directus's file-import-from-URL feature can be bypassed using the address 0.0.0.0 because api/src/request/is-denied-ip.ts treats 0.0.0.0 as a keyword for local interfaces but...
WordPress Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload vulnerability
WordPress Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin = 7.0.0.3 - Authenticated Administrator+ Server-Side Request Forgery to Arbitrary File Upload vulnerability discovered by lucsob in WordPress Plugin Uncanny Automator versions = 7.0.0.3...
BeyondTrust Privilege Management for Windows 安全漏洞
BeyondTrust Privilege Management for Windows is a software for restricting user privileges by BeyondTrust USA. A security vulnerability exists in BeyondTrust Privilege Management for Windows prior to version 25.4.270.0, which originates in wmic.exe could lead to an anti-tamper protection bypass...
UBUNTU-CVE-2024-0208
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file...
QuickApps CMS Cross-Site Scripting Vulnerability
QuickApps CMS is a PHP-based, open source, modular content management system. A cross-site scripting vulnerability exists in the user's real name field in QuickApps CMS version 2.0.0. A remote attacker can exploit this vulnerability to cause a denial of service and perform unauthorized operations...