Jeanback1

2 exploits Active since Mar 2023

CVE-2023-27163 NOMISEC MEDIUM

request-baskets <1.2.1 - SSRF

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.

CVSS 6.5

View Code

CVE-2025-2304 GITHUB CRITICAL python WORKING POC

Rubygems Camaleon Cms < 2.9.1 - Privilege Escalation

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.

View Code