[High] Anki's local HTTP server does not sufficiently validate requests
[High] SurrealDB: Arbitrary file read via DEFINE ANALYZER mapper() filter
[High] Lokka: Azure Resource Manager URL path validation issue
[High] @jhb.software/payload-cloudinary-plugin: Arbitrary Cloudinary API Parameter Signing
[High] LangSmith SDK TracingMiddleware: Arbitrary server-side file read
[High] githubtoplanguages: Command Injection via Issue Title in Discord Notification Workflow
[High] appium-mcp: Unescaped Locator Data XSS in MCP-UI Resource (createLocatorGeneratorUI)
[High] EverOS: Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id
[High] Uni-CLI: Legacy HTTP MCP transport accepted browser-originated localhost requests
[High] stigmem-node: decay sweep expires and counts facts across all tenants (cross-tenant BOLA)
[High] Budibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId Override
[High] @actual-app/sync-server: Disabled OpenID users keep access through existing session tokens
[High] Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials
[High] Budibase has an Account Impersonation Issue — Chat Identity Link Hijacking via Missing Consent & CSRF
[High] Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials
[High] Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata
[High] skillctl: argument injection, path traversal in --dest, FIFO/device DoS, hardlink exfiltration, and commit-trailer forgery
[High] Gogs has the ability to import local repositories via Mirror Settings
[High] Gogs Vulnerable to CSRF Leading to Organization Owner Takeover
[High] Gogs Missing Authorization in Attachment Download