Lucene search
+L

4891 matches found

Github Security Blog
Github Security Blog
added 2 hours ago3 views

meta-ads-mcp: Server-Side Request Forgery (SSRF) in `upload_ad_image` via Unrestricted `image_url` Fetch

Server-Side Request Forgery SSRF in uploadadimage via Unrestricted imageurl Fetch Summary The uploadadimage MCP tool in meta-ads-mcp v1.0.113 passes an attacker-controlled imageurl parameter directly to an HTTP fetch helper httpx.AsyncClientfollowredirects=True.geturl without any scheme, host, or...

6AI score
Exploits0References4Affected Software1
Cvelist
Cvelist
added 5 hours ago15 views

CVE-2026-49215 Symfony UX: CSRF Protection Bypass in symfony/ux-live-component — Accept Header is CORS-Safelisted

Symfony UX is a JavaScript ecosystem for Symfony. From 2.22.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\EventListener\LiveComponentSubscriber::isLiveComponentRequest gates LiveAction invocations on Accept: application/vnd.live-component+html, but the Accept header is CORS-safelisted and...

2.1CVSS
Exploits0References4
NVD
NVD
added 8 hours ago5 views

CVE-2026-13410

Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled. The default user agent is initialised with SSLverifymode explicitly disabled. An attacker with network man-in-the-middle MITM capability between the Dancer application and googleapis.com can intercept the...

8.2CVSS
Exploits0References4
EUVD
EUVD
added 8 hours ago6 views

EUVD-2026-45168

Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled. The default user agent is initialised with SSLverifymode explicitly disabled. An attacker with network man-in-the-middle MITM capability between the Dancer application and googleapis.com can intercept the...

8.2CVSS5.4AI score
Exploits0References3
Nuclei
Nuclei
added 16 hours ago13 views

WordPress Simple Job Board - Unauthorized Data Access

The Simple Job Board plugin for WordPress is vulnerable to unauthorized data access due to insufficient authorization checking in the fetchquickjob function in all versions up to and including 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be...

5.3CVSS6.8AI score0.00909EPSS
Exploits0References3
Cvelist
Cvelist
added 21 hours ago9 views

CVE-2026-62212 OpenClaw < 2026.5.28 Authentication Bypass via safeFetch

OpenClaw before 2026.5.28 contains a race condition in the MS Teams safeFetch DNS rebinding check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could win a timing window between the DNS validation check and use, allowing actions that should hav...

7.1CVSS
Exploits0References2
OSV
OSV
added yesterday3 views

GHSA-22XC-XG2R-9J7V Envoy Gateway: xDS Control Plane Information Disclosure when operating in GatewayNamespaceMode

Impact When Envoy Gateway runs in GatewayNamespaceMode provider.kubernetes.deploy.type=GatewayNamespace, the xDS gRPC server is configured with a StreamInterceptor for JWT authentication but no UnaryInterceptor. The go-control-plane xDS server exposes both streaming and unary Fetch RPC methods fo...

7.4CVSS6.1AI score0.00027EPSS
Exploits0References2
OSV
OSV
added yesterday3 views

GHSA-CXPQ-8V7Q-CG56 Envoy Gateway: Wasm HTTP fetch decompresses gzip without output-size limit

Vulnerability report without repro case. Repro case may be added later after harness is complete. Preconditions 4: - Tenant can create EnvoyExtensionPolicy baseline - Attacker hosts a gzip-bomb at a reachable URL - sha256 unset optional field; check is post-decompression anyway - No operator...

6.5CVSS6.2AI score0.00044EPSS
Exploits0References2
CVE
CVE
added yesterday25 views

CVE-2026-46341

CVE-2026-46341 affects Apify MCP Server prior to v0.9.21, where fetch-apify-docs.ts validates allowed domains with a startsWith() check instead of proper hostname comparison, enabling attacker-controlled subdomains (e.g., https://docs.apify.com.evil.com/ or https://[email protected]/) to pa...

6.1CVSS6.2AI score0.00045EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-46341

The Apify MCP server enables AI agents to extract data from websites using ready-made scrapers, crawlers, and automation tools available on the Apify Store. Prior to 0.9.21, the fetch-apify-docs tool in src/tools/common/fetchapifydocs.ts validates allowlisted documentation domains with...

6.1CVSS6.2AI score0.00045EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added yesterday32 views

CVE-2026-46341 Apify MCP server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching

The Apify MCP server enables AI agents to extract data from websites using ready-made scrapers, crawlers, and automation tools available on the Apify Store. Prior to 0.9.21, the fetch-apify-docs tool in src/tools/common/fetchapifydocs.ts validates allowlisted documentation domains with...

6.1CVSS0.00045EPSS
Exploits0References4
CVE
CVE
added yesterday10 views

CVE-2025-71388

CVE-2025-71388 affects stoatchat (delta/Revolt) versions from 20241213-1 up to before 20250210-1. The issue stems from the webhook fetch endpoint checking ViewChannel (read) instead of ManageWebhooks, allowing users with only channel read permission to retrieve the channel’s webhooks and their to...

7.6CVSS6.2AI score
Exploits0References3
CVE
CVE
added yesterday9 views

CVE-2025-71377

CVE-2025-71377 affects stoatchat (delta) versions before 20250210-1 (0.8.2). The issue is a logic error in the query messages route: when fetching messages labeled as 'nearby' another message, the code can pass a message limit of zero, which the database interprets as no limit. An unauthenticated...

8.7CVSS6.1AI score
Exploits0References3
NVD
NVD
added 2 days ago6 views

CVE-2026-49987

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...

7.5CVSS0.00697EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-49987 Repomix: Command Injection (RCE) via `--remote-branch` Argument Injection

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...

7.5CVSS0.00697EPSS
Exploits0References3
OSV
OSV
added 2 days ago3 views

CVE-2026-49987 Repomix: Command Injection (RCE) via `--remote-branch` Argument Injection

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...

7.5CVSS6.2AI score0.00697EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-24234

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-accessible attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to denial of service and information disclosure...

6.8CVSS0.00113EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

MAL-2026-10612 Malicious code in assertion-utils-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 311d22d9694863456136cf4f8b69a291fdbb631eda56bafca1959e0c184774a1 assertion-utils-js is a typosquat of chai name, description, and keywords mirror the real package. On require, index.js spawns a detached Node child...

6.2AI score
Exploits0References2
NVD
NVD
added 3 days ago6 views

CVE-2026-15620

A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/toolwebfetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be...

6.5CVSS0.00228EPSS
Exploits0References6
NVD
NVD
added 3 days ago6 views

CVE-2026-15619

A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function webfetch of the file tools/toolwebfetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploi...

7.5CVSS0.00252EPSS
Exploits0References6
Rows per page
Query Builder