Alexandru Postolache

#9079of 53,632
30.1Total CVSS
Vulnerabilities · 4
Medium
1
High
2
Critical
1
PT-2025-48209
7.2
2025-11-26
Dreamfactory · Dreamfactory · CVE-2025-13700
**Name of the Vulnerable Software and Affected Versions** DreamFactory (affected versions not specified) **Description** A flaw exists in the implementation of the `saveZipFile` method that could allow remote attackers to execute arbitrary code on affected DreamFactory installations. Authentication is required for exploitation. The issue stems from insufficient validation of user-supplied input before it is used in a system call, potentially allowing an attacker to execute code with the privileges of the service account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-7449
7.5
2025-02-20
Trenoncourt · Autoqueryable · CVE-2024-57716
**Name of the Vulnerable Software and Affected Versions** trenoncourt AutoQueryable version 1.7.0 **Description** An issue in trenoncourt AutoQueryable allows a remote attacker to obtain sensitive information via the `Unselectable` function. **Recommendations** For trenoncourt AutoQueryable version 1.7.0, consider disabling the `Unselectable` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-28353
5.4
2024-07-19
Janeczku · Calibre-Web · CVE-2024-39123
**Name of the Vulnerable Software and Affected Versions** janeczku Calibre-Web versions 0.6.0 through 0.6.21 **Description** The issue arises from improper sanitization performed by the `clean string` function, specifically in the way it handles HTML sanitization, making the `edit book comments` function vulnerable to Cross Site Scripting (XSS). **Recommendations** For versions 0.6.0 through 0.6.21, consider disabling the `edit book comments` function until a patch is available to prevent potential XSS attacks. Restrict access to the `clean string` function to minimize the risk of exploitation. Avoid using the `clean string` function for HTML sanitization in the affected versions until the issue is resolved.
PT-2024-5577
10
2024-05-31
Gitea · Gitea · CVE-2024-6886
**Name of the Vulnerable Software and Affected Versions** Gitea Open Source Git Server version 1.22.0 **Description** The issue affects Gitea Open Source Git Server due to improper neutralization of input during web page generation, allowing Stored XSS. This can enable a remote attacker to conduct a cross-site scripting attack. **Recommendations** For version 1.22.0, upgrade to version 1.23.0 to fix this issue. As a temporary workaround, consider restricting access to sensitive areas of the web application to minimize the risk of exploitation.