Résumé
Craft Commerce: Partial Payment Amount Without Lower Bound Validation
Références
Vulnérabilités liées
Tout Supply chain →- MEDIUMGHSA-3J69-69WJ-XQX2
UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()
- HIGHGHSA-G7M4-839X-CH6V
spomky-labs/otphp: Unbounded digits parameter in a provisioning URI triggers an uncaught DivisionByZeroError in OTP generation
- MEDIUMGHSA-GXG4-2RRR-JHC7
OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently
- MEDIUMGHSA-FJV8-J4P5-CR9M
Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape
- LOWGHSA-3MP7-VP6J-2MXX
BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing
- HIGHGHSA-4PCV-MG8V-VRGF
PraisonAI: Server-Side Request Forgery (SSRF) in SearxNG / search_web tools via attacker-controlled searxng_url parameter