VYPR

Talishar

by Talishar

Source repositories

CVEs (4)

  • CVE-2026-28429HigMar 6, 2026
    risk 0.49cvss 7.5epss 0.01

    Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified in the gameName parameter. While the application's primary entry points implement input validation, the ParseGamestate.php component can be accessed directly as…

  • CVE-2026-28428MedMar 6, 2026
    risk 0.34cvss 5.3epss 0.00

    Talishar is a fan-made Flesh and Blood project. Prior to commit a9c218e, an authentication bypass vulnerability in Talishar's game endpoint validation logic allows any unauthenticated attacker to perform authenticated game actions — including sending chat messages and…

  • CVE-2026-25144MedFeb 2, 2026
    risk 0.34cvss 5.3epss 0.00

    Talishar is a fan-made Flesh and Blood project. A Stored XSS exists in the chat in-game system. The playerID parameter in SubmitChat.php and is saved without sanitization and executed whenever a user view the current page game. This vulnerability is fixed by…

  • CVE-2026-27632Feb 25, 2026
    risk 0.00cvss epss 0.00

    Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery (CSRF) protections on critical state-changing endpoints, specifically within `SubmitChat.php` and other game…