
42 matches found

CNNVD
added 2026/03/24 12:00 a.m. · 5 views

LoLLMs WEBUI security vulnerability

LoLLMs WEBUI is a large-scale model web user interface developed by Saifeddine ALOUI, which supports integration of multiple models and modalities. LoLLMs WEBUI has a security vulnerability. This vulnerability stems from the /api/proxy endpoint, which allows unverified users to force the server to...

CVSS 9.1 · AI score 5.9 · EPSS 0.21629
Exploits 3 · References 2
RedhatCVE
added 2026/01/09 8:46 a.m. · 7 views

CVE-2025-23222

An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus servic...

CVSS 8.4 · AI score 7 · EPSS 0.00237
Exploits 0 · References 1
NVD
added 2025/11/06 7:15 p.m. · 3 views

CVE-2025-60541

A Server-Side Request Forgery (SSRF) vulnerability in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...

CVSS 7.3 · EPSS 0.00203
Exploits 1 · References 2
OSV
added 2025/11/06 7:15 p.m. · 4 views

CVE-2025-60541

A Server-Side Request Forgery (SSRF) vulnerability in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...

CVSS 7.3 · AI score 6.7
Exploits 0 · References 2
CVE
added 2025/11/06 12:00 a.m. · 10 views

CVE-2025-60541

CVE-2025-60541 describes a Server-Side Request Forgery (SSRF) in the linshenkx prompt-optimizer, affecting versions 1.3.0 through 1.4.2. The vulnerability resides in the /api/proxy/ component and enables an attacker to scan internal resources via a crafted request. Public sources (NVD/Red Hat/EUV...

CVSS 7.3 · AI score 6.4 · EPSS 0.00203
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2025/10/24 2:09 p.m. · 7 views

CVE-2025-43995

Dell Storage Center - Dell Storage Manager, versions 20.1.21, contains an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An...

CVSS 9.8 · EPSS 0.00821
Exploits 0 · References 1
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2023-3268

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00804
Exploits 1 · References 3
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2025-3151

Malicious code in bioql PyPI...

CVSS 8.4 · AI score 6.6 · EPSS 0.00237
Exploits 0 · References 3
CNNVD
added 2025/09/22 12:00 a.m. · 1 view

Papermark security vulnerability

Papermark is a document analysis software by Marc Seitz, an individual developer. A security vulnerability exists in Papermark 0.20.0 and prior versions, which stems from improperly restricting access via the POST /api/file/s3/get-presigned-get-url-proxy API, which could allow an authenticated...

CVSS 6.5 · AI score 6.5 · EPSS 0.0065
Exploits 1 · References 4
BDU FSTEC
added 2025/05/13 12:00 a.m. · 5 views

The vulnerability of the Deepin operating system’s dde-api-proxy component allows a hacker to gain root privileges.

The vulnerability of the dde-api-proxy component in the Deepin operating system is related to insufficient verification of the source of the communication channel. Exploiting this vulnerability can allow an attacker to gain root privileges...

CVSS 8.4 · AI score 5.5 · EPSS 0.00237
Exploits 0 · References 5 · Affected Software 1
CVE
added 2025/01/24 12:00 a.m. · 108 views

CVE-2025-23222

Deepin dde-api-proxy (v1.0.19 and earlier) exposes a local privilege-escalation flaw: the daemon runs as root and forwards local user D-Bus requests to legacy D-Bus services, which do not detect the proxy context. This can allow unprivileged users to access D-Bus methods that should be restricted...

CVSS 8.4 · AI score 7.3 · EPSS 0.00237
Exploits 0 · References 3
CNNVD
added 2025/01/24 12:00 a.m. · 3 views

dde-api-proxy security vulnerability

dde-api-proxy is a proxy program from Deepin open source. A security vulnerability exists in dde-api-proxy version 1.0.19, which stems from the fact that an unprivileged user can access the D-Bus service as root...

CVSS 8.4 · AI score 6.7 · EPSS 0.00237
Exploits 0 · References 4
Cvelist
added 2025/01/24 12:00 a.m. · 15 views

CVE-2025-23222

An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus servic...

CVSS 8.4 · EPSS 0.00237
Exploits 0 · References 3
Positive Technologies
added 2024/08/29 12:00 a.m. · 3 views

PT-2025-4860 · Deepin · Dde-Api-Proxy

Name of the Vulnerable Software and Affected Versions: Deepin dde-api-proxy versions 1.0.0 through 1.0.19
Description: The issue allows unprivileged users to access D-Bus services as root because dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods i...

CVSS 8.4 · AI score 7.9 · EPSS 0.00237
Exploits 0 · References 17
Vulnrichment
added 2024/07/01 12:54 p.m. · 10 views

CVE-2024-6424 Server-Side Request Forgery vulnerability in MESbook

External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint "/api/Proxy/Post?userName=&password=&uri=FILE|INTERNAL URL|IP/HOST" or "/api/Proxy/Get?userName=&password=&uri=ARCHIVO|URL INTERNA|IP/HOST" to re...

CVSS 9.3 · AI score 7 · EPSS 0.00494
Exploits 0 · References 1
Vulnrichment
added 2024/05/10 2:49 p.m. · 23 views

CVE-2024-32964 lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause...

CVSS 9 · AI score 6.6 · EPSS 0.54712
Exploits 2 · References 2
Positive Technologies
added 2024/04/29 12:00 a.m. · 3 views

PT-2024-17983 · WordPress · Leadconnector

Name of the Vulnerable Software and Affected Versions: LeadConnector plugin for WordPress versions up to, and including, 1.7
Description: The issue is related to a missing capability check on the lc public api proxy function, which allows unauthenticated attackers to delete arbitrary posts,...

CVSS 6.5 · AI score 7.1 · EPSS 0.00587
Exploits 0 · References 7
Veracode
added 2024/04/25 5:39 a.m. · 18 views

Improper Access Control

github.com/rancher/rancher is vulnerable to Improper Access Control. The vulnerability is due to the API proxy not dropping the impersonation header before sending the request to the Kubernetes API, allowing an authenticated user to impersonate any user on a cluster...

CVSS 8.8 · AI score 8.6 · EPSS 0.01071
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/04/15 12:00 a.m. · 7 views

PT-2024-19422 · Hewlett Packard · Hpe Msa Storage

Name of the Vulnerable Software and Affected Versions: HPE MSA storage products, affected versions not specified
Description: A potential security issue has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This issue could be exploited to gain elevated...

CVSS 7.3 · AI score 7.2 · EPSS 0.00181
Exploits 0 · References 4
Cvelist
added 2023/12/08 11:45 p.m. · 38 views

CVE-2023-49799 Server-Side Request Forgery in nuxt-api-party

nuxt-api-party is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression ^https?://, however this regular expression can be bypassed by ...

CVSS 7.5 · AI score 7.7 · EPSS 0.00819
Exploits 1 · References 5