Search Results
10 total results found
New Page
Password‑Protected Thumbnail Bypass
GHSA: https://github.com/FlintSH/Flare/security/advisories/GHSA-3x7v-x3r6-mjh7 | CVE: CVE-2026-30230 | Summary: The thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password veri...
Private File IDOR via raw/direct endpoints
GHSA: https://github.com/FlintSH/Flare/security/advisories/GHSA-gwqr-xf5c-5569 | CVE: CVE-2026-30231 | Summary: The raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL ...
New Page
Security Report: Server-Side Request Forgery (SSRF) in Notification Testers
Wallos version: 4.6.1 | GHSA: https://github.com/ellite/Wallos/security/advisories/GHSA-mr2c-prqv-hqm8 | CVE: CVE-2026-30840 | Summary: Affected endpoints (all require a logged-in session and CSRF, but are available in normal usage): Webhook tester: testwebhook...
DoS via Image Preview Generation
Summary: Vulnerability: Unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. | Affected code: Decoding without bounds: task_attachment.go:GetPreview ...
New Page
WhatsApp Resend Verification Authorization Bypass
GHSA: https://github.com/OneUptime/oneuptime/security/advisories/GHSA-cw6x-mw64-q6pv | CVE: CVE-2026-30959 | Description: The resend-verification-code endpoint allows any authenticated user to trigger a verification code resend for any UserWhatsApp record by ID. ...
Document field validation can be abused for resource exhaustion
Summary: Document input validation and normalization traverse the full document without explicit depth or size limits. Large or deeply nested documents can cause high CPU/memory usage. | CVSS: CVSS v4.0 Base Score: 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/...
Component block propPath can enable prototype pollution
Summary: Component block propPath allows arbitrary string keys. The renderer applies propPath with a recursive setter that does not block __proto__, constructor, or prototype, enabling prototype pollution when untrusted documents are rendered. | CVSS: CVSS v4.0 Ba...