i18next-http-middleware has path traversal / SSRF via user-controlled language and namespace parameters
pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber
pygeoapi 0.23.x: Path Traversal in STAC FileSystemProvider
A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Manipulating the argument Profile can lead to a buffer overflow. The attack may be launched remotely. The exploit has been publicly ...
A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhs_publish_content of the file src/server/mcp.server.ts of the component MCP Interface. Manipulating the argument media_paths results in server-side request forgery. The attack may be initiated remotely....
A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function build_project/run_tests of the file src/index.ts of the component MCP Interface. Manipulating the argument Request results in OS command injection. The attack may be launched remotely. The exploit ...
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=add_to_cart. Manipulating the argument pid leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to ...
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_user of the file /admin/ajax.php?action=save_user. Manipulating its input can lead to SQL injection. The attack can be launched remotely. The exploit has been published and may be used.
Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation
Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest
Admidio Ignores SAML Signature Validation Result, Processes Forged AuthnRequests and LogoutRequests
Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send
Admidio Missing Minimum Administrator Check in Role Membership Removal
Admidio vulnerable to reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion
Admidio has Inverted 2FA Reset Authorization Check that Lets Group Leaders Strip Admin TOTP
Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment
Admidio's Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items
Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php
Admidio has Path Traversal via Unvalidated `name` Parameter in Document Add Mode that Enables Arbitrary Server File Read
Admidio has Path Traversal in ECard Preview that Allows Reading Arbitrary Server Files Including Database Credentials
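The Admidio headline "OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation" names a failure mode of an RFC 7662 introspection endpoint: answering `"active": true` without looking the token up. The following is an added example, not Admidio's code or an account of its implementation; the token store, client secrets and token identifiers are constructed for illustration. It places the bug class beside a hardened handler that authenticates the calling client, then checks existence, revocation and expiry, and collapses every failure into the minimal inactive response so the endpoint cannot be used as an oracle.

```python
import hmac
import time
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class IssuedToken:
    client_id: str
    subject: str
    scope: str
    expires_at: float
    revoked: bool = False


# Constructed in-memory token store standing in for the authorization server's database.
TOKENS: Dict[str, IssuedToken] = {
    "tok_valid": IssuedToken("app-a", "alice", "openid profile", time.time() + 3600),
    "tok_expired": IssuedToken("app-a", "bob", "openid", time.time() - 60),
    "tok_revoked": IssuedToken("app-b", "carol", "openid", time.time() + 3600, revoked=True),
}

# Constructed registry of clients allowed to call the introspection endpoint.
CLIENT_SECRETS: Dict[str, str] = {"app-a": "s3cret-a", "app-b": "s3cret-b"}


def introspect_unsafe(token: str) -> dict:
    """The bug class in the headline: 'active' is asserted without any lookup."""
    return {"active": True}


def introspect(token: str, client_id: str, client_secret: str,
               now: Optional[float] = None) -> dict:
    """RFC 7662 introspection: authenticate the caller, then validate the token."""
    now = time.time() if now is None else now

    # 1. The endpoint is for registered resource servers/clients only; an
    #    unauthenticated caller gets an error, not even an inactive response.
    expected = CLIENT_SECRETS.get(client_id)
    if expected is None or not hmac.compare_digest(expected, client_secret):
        raise PermissionError("client authentication failed")

    # 2. Unknown, revoked and expired tokens all map to the same minimal
    #    response (RFC 7662 section 2.2), so the reason is not leaked.
    rec = TOKENS.get(token)
    if rec is None or rec.revoked or rec.expires_at <= now:
        return {"active": False}

    # 3. Only a token that passed every check gets "active": true plus claims.
    return {
        "active": True,
        "client_id": rec.client_id,
        "sub": rec.subject,
        "scope": rec.scope,
        "exp": int(rec.expires_at),
    }
```

The `now` parameter exists so the expiry branch can be exercised deterministically; a real endpoint would also rate-limit callers and bind the token to the calling client where the deployment requires it.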
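The headline "Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest" describes an identity provider honouring the `AssertionConsumerServiceURL` attribute of an incoming AuthnRequest as-is. The check an IdP needs is that the requested URL is one of the ACS URLs registered for that SP's entityID, which is known out of band from metadata. The example below is added here and is not Admidio's code; the SP registry, entityIDs and AuthnRequest documents are constructed for illustration. It parses the request, then selects an ACS URL only from the registered set, falling back to the SP's default when the request names none.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed SP registry: entityID -> ACS URLs registered from the SP's metadata.
REGISTERED_ACS: Dict[str, List[str]] = {
    "https://sp.example.org/metadata": [
        "https://sp.example.org/saml/acs",
        "https://sp.example.org/saml/acs-alt",
    ],
}

# Constructed AuthnRequests: a legitimate one, one pointing the ACS at an
# attacker-controlled host, and one that omits the attribute entirely.
_TEMPLATE = (
    '<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_req1" Version="2.0" '
    'IssueInstant="2024-01-01T00:00:00Z"%s>'
    '<saml:Issuer>https://sp.example.org/metadata</saml:Issuer>'
    '</samlp:AuthnRequest>'
)
LEGIT_REQUEST = _TEMPLATE % (SAMLP, SAML, ' AssertionConsumerServiceURL="https://sp.example.org/saml/acs-alt"')
ROGUE_REQUEST = _TEMPLATE % (SAMLP, SAML, ' AssertionConsumerServiceURL="https://attacker.example.net/acs"')
NO_ACS_REQUEST = _TEMPLATE % (SAMLP, SAML, "")


def parse_authn_request(xml_text: str) -> dict:
    """Extract issuer and requested ACS URL from an AuthnRequest.

    Note: on untrusted input use defusedxml rather than the stdlib parser.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not a samlp:AuthnRequest")
    issuer_el = root.find("{%s}Issuer" % SAML)
    issuer = issuer_el.text.strip() if issuer_el is not None and issuer_el.text else None
    return {"issuer": issuer, "acs_url": root.get("AssertionConsumerServiceURL")}


def select_acs_url(issuer: Optional[str], requested: Optional[str]) -> Optional[str]:
    """Return the ACS URL to post the Response to, or None if the request must be rejected.

    Exact string match against the registered list: no prefix matching,
    no host-only comparison, no normalisation that could be abused.
    """
    allowed = REGISTERED_ACS.get(issuer or "")
    if not allowed:
        return None                      # unknown SP: refuse to issue anything
    if requested is None:
        return allowed[0]                # no URL requested: use the SP's default
    return requested if requested in allowed else None


def acs_for_request(xml_text: str) -> Optional[str]:
    """Parse the request and resolve the ACS URL the IdP may legitimately use."""
    req = parse_authn_request(xml_text)
    return select_acs_url(req["issuer"], req["acs_url"])
```

Signature verification of the AuthnRequest (the subject of a separate Admidio headline) is a prerequisite that this snippet does not perform; even a signed request must still only name a registered ACS URL.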
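Four headlines above are path traversal through a user-supplied name or path (i18next-http-middleware language/namespace parameters, the pygeoapi STAC FileSystemProvider, and the two Admidio document and ECard preview issues). The common fix has two shapes: allowlist identifier-like segments before they ever touch a filesystem API, and, where a relative path must be accepted, resolve it and prove the result still lies under the intended root. The block below is an added example in Python and is not code from any of those projects; the root directory and sample inputs are constructed. It goes slightly beyond any single headline by handling the three escape routes that a string prefix check misses: `..` segments, absolute paths (which `pathlib` joins by discarding the root), and symlinks that point outside the root.

```python
import re
from pathlib import Path
from typing import Optional

# Constructed root for the example; each real project has its own storage root.
DOCS_ROOT = "/srv/app/documents"

# Allowlist for identifier-like segments such as a language code or namespace:
# starts alphanumeric, then alphanumerics, '_' or '-', at most 64 characters.
_SEGMENT_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}")


def is_safe_segment(segment: str) -> bool:
    """True if segment is a plain identifier (no slashes, dots, NULs or whitespace)."""
    return _SEGMENT_RE.fullmatch(segment) is not None


def resolve_under_root(root: str, user_path: str) -> Optional[Path]:
    """Return the resolved file path if it stays inside root, else None.

    Resolving the candidate follows symlinks and collapses '..' before the
    containment check, so a link planted inside root that points at /etc is
    rejected just like a literal '../../etc/passwd'.
    """
    if "\x00" in user_path:
        return None                          # NUL would truncate in C-level APIs
    try:
        root_p = Path(root).resolve()
        candidate = (root_p / user_path).resolve()   # absolute user_path replaces root here
        candidate.relative_to(root_p)                 # raises ValueError when outside
    except (ValueError, OSError):
        return None
    if candidate == root_p:
        return None                          # the root itself is a directory, not a document
    return candidate


def read_document(user_path: str) -> Optional[bytes]:
    """Read a document only after the containment check; None means refused."""
    target = resolve_under_root(DOCS_ROOT, user_path)
    if target is None or not target.is_file():
        return None
    return target.read_bytes()
```

`is_safe_segment` is the right tool when the value is a key into a known set (a language, a namespace, an ECard template name): reject anything that is not an identifier and never build a path from it. `resolve_under_root` is for the case where a relative path inside a tree is genuinely part of the feature.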