5 matches found
CVE-2026-7713
CVE-2026-7713 affects crocodilestick Calibre-Web-Automated up to 4.0.6. The vulnerable component is the Kobo auth-token Route, specifically the generate_auth_token function in cps/kobo_auth.py, where improper authorization may be exploited remotely. An exploit has been published and publicized. A...
PT-2026-36319
Name of the Vulnerable Software and Affected Versions AstrBotDevs AstrBot versions prior to 4.16.1 Description The Dashboard component contains hard-coded credentials within the file astrbot/dashboard/routes/auth.py. This flaw allows a remote attacker to gain unauthorized access to the system...
GHSA-CQGF-F4X7-G6WC Ech0: Unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata
Summary The GET /api/website/title endpoint accepts an arbitrary URL via the websiteurl query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. The endpoint requires no authentication. An attacker can use this to reach internal network...
CVE-2025-15105 getmaxun auth.ts hard-coded key
A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument apikey results in use of hard-coded cryptographic key . Remote exploitation of the attack...
PT-2018-12926 · Gogs · Gogs
Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.12 Description: The issue allows remote attackers to redirect users to arbitrary websites, potentially leading to phishing attacks. This is achieved via an initial / substring in the redirect to parameter. The...