Riasztások

free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords...

LGSL (Live Game Server List) provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the `Referer` HTTP...

Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the...

Better Auth is an authentication library for TypeScript. An open redirect vulnerability has been identified in the verify email endpoint of all versions of Better Auth prior to v1.1.6, potentially...

Veritas / Arctera Data Insight before 7.1.1 allows Application Administrators to conduct SQL injection attacks.

Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when...

Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery (SSRF) vulnerability. The...

Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 have a blind SQL injection vulnerability. Version 2.0.4 contains a patch for the vulnerability.

iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected...

iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware...