GHSA-Q4RM-M6XH-5PV7 Froxlor customer can create MySQL databases on disallowed servers via Mysqls.add API
Summary: The Mysqls.add API command (lib/Froxlor/Api/Commands/Mysqls.php) accepts a customer-controlled mysqlserver parameter and only validates that the value is numeric and that the server index exists in userdata.inc.php. It never checks the value against the calling customer's allowedmysqlserver...
GHSA-MR9H-45P9-FG8H Froxlor: Authenticated customers can read other customers' allowed sender aliases
Summary: An authenticated customer can read other customers' allowed sender aliases from Froxlor's sender-delete confirmation page when mail.enableallowsender is enabled. customeremail.php loads allowedsender by the global auto-increment senderid alone, so a customer can enumerate foreign sender alias...
GHSA-V5FF-XMFP-P245 electerm has Command Injection in File System Operations (rmrf, mv, cp)
Impact: A command injection vulnerability exists in electerm's file system operations rmrf, mv and cp in src/app/lib/fs.js. These functions construct shell commands by interpolating file paths directly into command strings without escaping shell metacharacters. Vulnerable functions: rmrf (uses rm...
GHSA-4Q9J-6299-GXMR Dragonfly Manager OAuth provider client_secret disclosure via unauthenticated GET /api/v1/oauth
Summary: The Dragonfly Manager exposes GET /api/v1/oauth and GET /api/v1/oauth/:id to unauthenticated clients. The response body serializes the entire manager/models.Oauth struct, which includes the clientsecret field. Any network-reachable attacker can read the OAuth client secrets configured f...
GHSA-38J7-23HF-9MHC electerm has Path Traversal in Zmodem and Trzsz Download Filename Handling
Impact: A path traversal vulnerability exists in the Zmodem and Trzsz file download handlers in electerm. When receiving files via the Zmodem or Trzsz protocols, electerm uses the remote-supplied filename directly in path.join with the user-selected download directory, without sanitization. A malicious...
GHSA-525M-7F82-2MF7 @conform-to/dom parseSubmission vulnerable to CPU exhaustion when parsing many unique form fields
A CPU exhaustion vulnerability exists in Conform's parseSubmission future API when parsing FormData or URLSearchParams submissions with many unique field names. The parser previously looked up values by field name, which could require repeated scans of the submitted entries and cause excessive...
GHSA-VV65-F55V-XM6G Grackle has command/argument injection in the git worktree executor that enables RCE on provisioned hosts via an unsanitized task branch name (shell:true)
Summary: The default git executor used for all worktree operations spawns git through a shell, and the untrusted task branch name flows into the command unsanitized. A caller able to reach the PowerLine SpawnSession RPC (a malicious or compromised agent acting through the orchestration layer, or an...
GHSA-GG9X-QCX2-XMRH joserfc: HS256/HS384/HS512 verify accepts empty/nil HMAC key (cross-language sibling of CVE-2026-45363)
Summary: joserfc.jwt.decode accepts attacker-forged HMAC-signed tokens when the caller-supplied verification key is the empty string or None. HMACAlgorithm.sign and HMACAlgorithm.verify in src/joserfc/rfc7518/jwsalgs.py:62-70 feed whatever OctKey.getopkey... produced into hmac.new..., and...
GHSA-3VCG-PV95-PQ54 SFTPGo has stored XSS via inline parameter on public shares and user file download
Summary: The inline query parameter on the browsable-share file download and on the authenticated user file download suppressed Content-Disposition: attachment, so an HTML file stored in a share or home directory could be served as text/html and execute in SFTPGo's web origin (stored XSS). Impact: Lo...
GHSA-H64P-8H4R-6GFH SFTPGo has path confinement bypass in public browsable share partial ZIP download
Summary: The public web-client endpoint for partial ZIP downloads of a browsable share did not correctly confine the client-supplied files entries to the shared directory. A requester able to reach a public share could read files located outside the shared directory, as long as the target's...
GHSA-93Q6-WWJH-JC6H @asymmetric-effort/specifyjs: CSS expression sanitization is bypassable in renderToString
Finding (location: core/src/server/render-to-string.ts:307-311): CSS value sanitization stripped expression and urljavascript: using a simple regex, but could be bypassed with CSS unicode escapes (\65xpression), null bytes, or CSS comments (exp//ression). Mitigating factor: these CSS injection vectors onl...
GHSA-J5QP-P44G-2M49 @asymmetric-effort/specifyjs: No redirect target validation in secureFetch
Finding (location: core/src/shared/secure-fetch.ts): assertSecureUrl validated only the initial request URL. The fetch API follows redirects by default, up to 20 hops. A request to a valid https:// URL could redirect to http://internal-service/ or other unvalidated destinations. Status: Fixed in...
GHSA-2944-57XV-2682 @asymmetric-effort/specifyjs: `data:` URI allowed without size restriction
Finding (location: core/src/shared/secure-fetch.ts:33-35): data: URIs were allowed without any restriction. While data: URIs don't make network requests, they can be used for memory exhaustion via very large data URIs. Status: Fixed in v0.2.136 — data: URIs are now limited to 1MB. URIs exceeding this...
GHSA-XW57-23P8-9WC5 @asymmetric-effort/specifyjs: Localhost bypass incomplete (IPv6, 0.0.0.0, 127.x range)
Finding (location: core/src/shared/secure-fetch.ts:52-54): The localhost exception allowed localhost and 127.0.0.1 but did not cover 0.0.0.0, ::1 (IPv6 localhost), or the full 127.0.0.0/8 loopback range. Status: Fixed in v0.2.136 — localhost detection now covers localhost, 127.0.0.1, ::1, 0.0.0.0, and...
GHSA-QCR8-X557-7CP3 @asymmetric-effort/specifyjs: Production console warnings may leak internal framework state
Finding (location: core/src/core/scheduler.ts:23, core/src/hooks/dispatcher.ts:100, core/src/client/graphql.ts:71): Several console.warn calls are not gated behind DEV and will fire in production builds, potentially exposing internal framework state such as queue sizes, component names, and query...
GHSA-5C7W-4WM3-85VW @asymmetric-effort/specifyjs: GraphQL gql tag allows metacharacter injection
Finding (location: core/src/client/graphql.ts:66-80): The gql template tag function warned about interpolated values containing GraphQL metacharacters : but still concatenated them into the query string, enabling potential GraphQL injection. Status: Fixed in v0.2.136 — the gql function now throws an...