CVE Vulnerability Database

Ghostfolio is an open source wealth management software. Prior to version 2.244.0, by bypassing symbol validation, an attacker can execute arbitrary SQL commands via the getHistorical() method, potentially allowing them …

Kimai is a web-based multi-user time-tracking application. Prior to version 2.51.0, "GET /api/invoices/{id}" only checks the role-based view_invoice permission but does not verify the requesting user has access to the …

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, if a malicious authenticated user uploads SVG and creates a hotlink for it, …

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementation on /uploadStatus publishes global upload state to any …

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. From version 4.4.0 to before version 4.4.5 and from version 4.5.0 to …

Ghostfolio is an open source wealth management software. Prior to version 2.245.0, an attacker can exploit the manual asset import feature to perform a full-read SSRF, allowing them to exfiltrate …

Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a download, the application does not verify whether the …

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, the URL ingest pipeline accepted user-controlled remote URLs with …

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did …

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients. Additionally, …