Количество 2
Количество 2
CVE-2025-26260
11 месяцев назад
Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution.
CVSS3: 8.8
EPSS: Низкий
GHSA-mj4v-hp69-27x5
около 1 года назад
Plenti - Code Injection - Denial of Services
CVSS3: 6.5
EPSS: Низкий
Уязвимостей на страницу
20
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-26260 Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution. | CVSS3: 8.8 | 1% Низкий | 11 месяцев назад |
| GHSA-mj4v-hp69-27x5 Plenti - Code Injection - Denial of Services | CVSS3: 6.5 | 1% Низкий | около 1 года назад |
Уязвимостей на страницу
20