Fg0X0

**Name of the Vulnerable Software and Affected Versions** Budibase versions prior to 3.39.0 **Description** The `executeQuery` automation step accepts a `queryId` from automation step inputs and passes it to the query execution controller without additional validation. When a REST datasource is configured to target internal infrastructure, this allows for server-side request forgery (SSRF), a flaw where the server is coerced into making outbound HTTP requests to destinations influenced by an attacker. The automation output then returns the response, which can expose internal service data. **Recommendations** Update to version 3.39.0.

**Name of the Vulnerable Software and Affected Versions** Budibase versions prior to 3.35.3 **Description** The VectorDB configuration endpoint accepts a `host` parameter that lacks validation against internal IP ranges, reserved hostnames, or URL schemes. This allows an authenticated user with builder-level access to provide arbitrary host values, such as `localhost` or `169.254.169.254`, forcing the server to initiate outbound TCP connections to internal network addresses or cloud metadata endpoints. **Recommendations** Update to version 3.35.3.

Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which silently turns on --domain at engine/flags.go:372), the request handler resolves the served directory by joining the configured --dir with the value of the client-supplied Host header. The join is performed by filepath.Join with no validation, so a Host: .. header walks one level above the document root. Subsequent file resolution then exposes everything in that parent directory — arbitrary file read, full directory listing, and, if any .lua file is present, server-side Lua execution. This vulnerability is fixed in 1.17.8.

**Name of the Vulnerable Software and Affected Versions** SiYuan versions prior to 3.7.0 **Description** SiYuan's publish-mode Reader can modify configuration and SQL index data through eight ungated APIs. These endpoints are registered with `model.CheckAuth` but lack `model.CheckAdminRole` and `model.CheckReadonly` checks, allowing users with `RoleReader` (including anonymous visitors) or `RoleEditor` in read-only workspaces to write server-side state. This includes atomic rewrites of the `<workspace>/conf/conf.json` file via the `model.Conf.Save()` function. Technical details include: - **API Endpoints:** '/api/graph/getGraph', '/api/graph/getLocalGraph', '/api/sync/setSyncInterval', '/api/storage/updateRecentDocViewTime', '/api/storage/updateRecentDocCloseTime', '/api/storage/updateRecentDocOpenTime', '/api/storage/batchUpdateRecentDocCloseTime', and '/api/search/updateEmbedBlock'. - **Vulnerable Parameters or Variables:** The `interval` parameter in the sync API and the `id` and `content` parameters in the search API. - **Function Names:** `model.Conf.Save()` is used to persist unauthorized configuration changes. Impacts include the ability to manipulate cloud sync intervals, corrupt graph rendering settings, poison search results by modifying the SQL `blocks.content` column, and manipulate the administrator's recent-documents list. **Recommendations** Update to version 3.7.0.

**Name of the Vulnerable Software and Affected Versions** n8n-MCP versions 2.18.7 through 2.50.1 **Description** An authenticated server-side request forgery (SSRF) issue exists affecting the webhook trigger tools, the n8n API client `N8N API URL`, and per-request URLs provided via the `x-n8n-url` header in multi-tenant HTTP mode. A caller with access to the MCP session can force the host to send HTTP requests to internal services and cloud metadata endpoints. This allows for internal-service enumeration and the theft of credentials, such as temporary IAM, GCP service account, or Azure managed-identity credentials. In single-tenant or stdio deployments, this can be triggered via indirect prompt injection where an attacker influences the LLM's tool calls to read internal services. **Recommendations** Update n8n-MCP to version 2.50.2. Restrict network egress from the host using a firewall or security group to deny access to cloud metadata IPs and unnecessary RFC1918 networks. Run the software in stdio mode instead of HTTP if multi-tenant functionality is not required. Disable workflow management tools by setting `DISABLED TOOLS=n8n trigger webhook workflow,n8n create workflow,n8n test workflow` if they are not needed.

**Name of the Vulnerable Software and Affected Versions** JupyterLab versions prior to 4.5.7 Jupyter Notebook versions prior to 7.5.6 **Description** The HTML sanitizer allowlists `data-commandlinker-command` and `data-commandlinker-args` on `button` elements. Because `CommandLinker` listens for all click events on `document.body` and executes named commands without verifying if the element originated from a trusted UI, a notebook with pre-saved HTML cell output containing a deceptive button can trigger arbitrary commands. This can lead to arbitrary code execution, file deletion, or server denial of availability by opening multiple kernels or terminals upon a single user click. In Chromium-based browsers, multi-click attacks combined with clipboard access may allow full terminal access. The attack surface may increase in environments with third-party frontend extensions that provide additional commands. **Recommendations** Update to version 4.5.7 or newer. Update to version 7.5.6 or newer. For downstream applications inheriting from `JupyterFrontEnd` or `JupyterLab`, disable `CommandLinker` by passing the `commandLinker: new CommandLinker({ commands: new CommandRegistry() })` option during initialization. Disable the command linker functionality via `overrides.json` by setting `@jupyterlab/apputils-extension:sanitizer` with `allowCommandLinker` set to `false`.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.1.2-21 ImageMagick versions prior to 6.9.13-46 **Description** An overflow can be triggered when a user opens a malicious MIFF file in the display tool and right-clicks a tile to invoke the Load / Update menu item. **Recommendations** Update to version 7.1.2-21. Update to version 6.9.13-46.

**Name of the Vulnerable Software and Affected Versions** Weblate versions prior to 5.17.1 **Description** An authenticated user with `project.add` permission can import a specially crafted project backup ZIP file. If the `components/<name>.json` file within the ZIP contains a `repo` URL pointing to a private address or uses a non-allow-listed scheme (such as `file://` or `git://`), the system fails to validate it. This occurs because the software uses the `Component.objects.bulk create([component])[0]` function, which bypasses the `full clean()` method and the `validate repo url` validator. Consequently, the malicious URL is written directly into the `.git/config` file by the `configure repo(pull=False)` function. **Recommendations** Update to version 5.17.1. Limit the number of users who have permission to create projects to reduce the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** wlc versions prior to 2.0.0 **Description** The HTML output format embeds API response data into HTML without proper escaping. This allows for cross-site scripting (XSS), a technique where malicious scripts are injected into trusted websites, when the output is rendered in a web browser. **Recommendations** Update to version 2.0.0. As a temporary workaround, avoid using the opt-in HTML output format.

**Name of the Vulnerable Software and Affected Versions** Axios versions prior to 1.15.1 Axios versions prior to 0.31.1 **Description** The `toFormData` function recursively processes nested objects without a depth limit. Consequently, providing a deeply nested value as request data can cause the Node.js process to crash due to a RangeError. **Recommendations** Update to version 1.15.1 or later. Update to version 0.31.1 or later.

**Name of the Vulnerable Software and Affected Versions** CI4MS Theme (affected versions not specified) **Description** The upload function in CI4MS Theme fails to validate entry names when extracting user-uploaded ZIP archives. This allows an authenticated backend user with theme create permissions to perform a Zip Slip attack, which is a directory traversal flaw during archive extraction. By uploading a specially crafted ZIP file containing entries like `../../public/shell.php`, an attacker can write files to arbitrary filesystem locations, such as the public web root, leading to remote code execution. The issue exists in the `upload()` function within the 'modules/Theme/Controllers/Theme.php' file, specifically where `ZipArchive::extractTo()` is called without verifying that the entries resolve inside the intended destination. The affected API endpoint is 'POST backend/themes/themesUpload'. **Recommendations** As a temporary workaround, restrict access to the 'POST backend/themes/themesUpload' endpoint or revoke the theme create permission for users until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CI4MS versions prior to 0.31.5.0 **Description** The `restore()` function in the `Backup` controller extracts user-uploaded ZIP archives without validating entry names. This allows an authenticated backend user with backup create permissions to perform a Zip Slip attack, writing files to arbitrary filesystem locations. An attacker can achieve remote code execution by dropping a PHP file into the public web root. The issue is located at the 'POST backend/backup/restore' endpoint, which uses the `backup file` parameter. Additionally, because this route is excluded from CSRF protection, a logged-in administrator could be forced to perform this action via a cross-site request. **Recommendations** Update to version 0.31.5.0. As a temporary workaround, restrict access to the `restore()` function or the 'POST backend/backup/restore' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PySpector versions prior to 0.1.8 **Description** The plugin security validator uses AST-based static analysis to prevent dangerous code from being loaded as plugins. The blocklist implemented in the `validate plugin code()` function is incomplete and can be bypassed using several Python constructs that are not checked. An attacker who can supply a plugin file can achieve arbitrary code execution within the process when that plugin is installed and executed. **Recommendations** Update to version 0.1.8.

Name of the Vulnerable Software and Affected Versions Vite versions 7.1.0 through 7.3.1 and 8.0.0 through 8.0.4 Description Vite, a frontend tooling framework for JavaScript, allows retrieval of files blocked by `server.fs.deny` (such as .env and *.crt files) with HTTP 200 responses when specific query parameters like ?raw, ?import&raw, or ?import&url&inline are appended to the request. This occurs when the Vite dev server is exposed to the network and sensitive files are both allowed by `server.fs.allow` and denied by `server.fs.deny`. Recommendations Vite versions 7.1.0 through 7.3.1 should be updated to version 7.3.2 or later. Vite versions 8.0.0 through 8.0.4 should be updated to version 8.0.5 or later.

Ash Framework versions prior to 3.22.0 Ash Framework is susceptible to a denial of service due to uncontrolled Erlang atom creation. The `Ash.Type.Module.cast input/2` function unconditionally creates a new Erlang atom using `Module.concat([value])` for any user-supplied binary string starting with 'Elixir.', without first verifying the module's existence. Since Erlang atoms are never garbage collected and the BEAM virtual machine has a limit on the number of atoms, an attacker can exhaust the atom table by submitting numerous unique 'Elixir.*' strings through any resource attribute or argument of type :module, leading to a crash of the BEAM VM and a denial of service. The vulnerable code is located in `lib/ash/type/module.ex`, lines 105-113 and 141. An attacker can exploit this by submitting repeated `Ash.create` requests with unique 'Elixir.*' strings via an API endpoint. The issue also occurs when reading :module-typed values from the database if an attacker can write arbitrary 'Elixir.*' strings to the relevant database column. To resolve this, update to version 3.22.0 or later. As a temporary workaround, avoid using the :module type for user-supplied input or restrict access to resources with :module-typed attributes.

Name of the Vulnerable Software and Affected Versions: SiYuan versions 3.6.0 through 3.6.1 Description: SiYuan is a personal knowledge management system. The SanitizeSVG function, introduced in version 3.6.0 to address XSS in the unauthenticated /api/icon/getDynamicIcon endpoint, can be bypassed by utilizing namespace-prefixed element names such as <x:script xmlns:x="http://www.w3.org/2000/svg">. The Go HTML5 parser identifies the element's tag as 'x:script' instead of 'script', allowing it to pass the tag check. The SVG is served with Content-Type: image/svg+xml and without a Content Security Policy. When a browser directly opens the response, its XML parser resolves the prefix to the SVG namespace and executes the embedded script. This allows an attacker on the same network to craft a URL and share it with a victim. When the victim opens it in a browser, JavaScript executes at the SiYuan server origin, potentially allowing access to all notes, data export, or modification of settings, without authentication or prior access. Recommendations: Update to version 3.6.2 or later.

**Name of the Vulnerable Software and Affected Versions** WWBN AVideo versions prior to 26.0 **Description** WWBN AVideo, an open source video platform, contains a stored cross-site scripting issue in the CDN plugin’s download buttons component. The `clean title` field of a video record is directly interpolated into a JavaScript string literal without proper escaping. This allows an attacker with video creation or modification privileges to inject arbitrary JavaScript code that will execute in the browser of any user who visits the affected download page. The vulnerability resides in the PHP code at line 59 of the affected file, where the `clean title` value is echoed verbatim inside a JavaScript string literal. The injected script executes in the security context of the user loading the download page. The vulnerable code constructs a JavaScript function call using the following format: `downloadURLOrAlertError(url, {}, '<?php echo $video['clean title']; ?>.' + format, progress);`. The `clean title` field is derived from user-supplied video title input. **Recommendations** Versions prior to 26.0 should be updated to version 26.0 or later.

**Name of the Vulnerable Software and Affected Versions** WWBN AVideo versions prior to 26.0 **Description** WWBN AVideo is an open source video platform. A logic error in the `setPassword.json.php` endpoint within the CustomizeUser plugin allows administrators to inadvertently set a channel password to zero for any user. This occurs because any password containing non-numeric characters is silently converted to the integer zero before being stored. Consequently, any visitor can bypass channel-level access control by simply guessing the password '0'. The endpoint, `setPassword.json.php`, processes the `ProfilePassword` request parameter using the `intval()` function, which converts alphanumeric strings to 0. This silent coercion means administrators are unaware that the intended password is not being stored correctly. The vulnerability affects channel-level access control and does not enable account takeover or privilege escalation, but it renders the password protection feature ineffective for non-numeric passwords. **Recommendations** Versions prior to 26.0 should be updated to version 26.0 or later.

**Name of the Vulnerable Software and Affected Versions** WWBN AVideo versions prior to 26.0 **Description** WWBN AVideo, an open source video platform, contains an open redirect issue in the login process. A user-supplied `redirectUri` parameter is directly included in a JavaScript `document.location` assignment without proper encoding. After a user completes the login popup, a timer callback uses this unvalidated value to redirect the user to a site controlled by an attacker. The vulnerable code is located in `view/userLogin.php`, where the application accepts a `redirectUri` GET parameter, passes it through the `isSafeRedirectURL()` function, and stores the result in `$safeRedirectUri`. This value is then embedded into a JavaScript block without appropriate encoding, allowing for exploitation through protocol-relative URLs like `//evil.com` or subdomain confusion techniques. The attack requires a victim to follow a crafted link and interact with the login popup, enabling phishing attacks. **Recommendations** Versions prior to 26.0 should be updated to version 26.0 or later.

**Name of the Vulnerable Software and Affected Versions** SiYuan versions 3.6.0 and below **Description** SiYuan, a personal knowledge management system, contains a flaw in the handling of file uploads through the '/api/import/importSY' and '/api/import/importZipMd' API endpoints. These endpoints write uploaded archives to a path derived from the filename without proper sanitization. This allows an administrator to write files to arbitrary locations, potentially including system paths, leading to Remote Code Execution (RCE). The issue stems from insufficient cleaning of file paths, allowing crafted filenames with '..' sequences to escape the intended temporary directory. Exploitation requires sending raw HTTP requests, bypassing sanitization performed by tools like curl. The vulnerable code resides in the `kernel/api/import.go` file, specifically within the `importSY` and `importZipMd` functions. A proof-of-concept demonstrates the ability to overwrite files like `/etc/cron.d/` (in root containers) or user configuration files to achieve RCE. The flaw can also lead to data destruction by overwriting workspace or application files. **Recommendations** Update to version 3.6.1 or later to resolve this vulnerability.