17 matches found
PT-2026-40820
Name of the Vulnerable Software and Affected Versions: ERPNext versions prior to 15.106.0; ERPNext versions prior to 16.16.0. Description: A malicious user can send a crafted request to an endpoint, causing the server to make an HTTP call to a service chosen by the attacker. This is a Server-Side...
pyLoad Security Vulnerability
pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained security vulnerabilities. These vulnerabilities stemmed from the setconfigvalue API method, which allowed options related to proxies to be included in the list. This could allow any...
PT-2026-39895
Name of the Vulnerable Software and Affected Versions: Valtimo versions 12.4.0 through 12.32.0; Valtimo versions 13.0.0 through 13.25.0. Description: The LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full reque...
CVE-2026-31878 Frappe: Possible SSRF by any authenticated user
Frappe is a full-stack web application framework. Prior to 14.100.1, 15.100.0, and 16.6.0, a malicious user could send a crafted request to an endpoint which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 14.100.1, 15.100.0, and 16.6...
CVE-2023-43982
Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at instaparser.php. This vulnerability allows attackers to use the vulnerable website as a proxy to attack other websites or exfiltrate data via an HTTP call...
EUVD-2022-28105
Malicious code in bioql PyPI...
EUVD-2022-27691
Malicious code in bioql PyPI...
Exploit for Cross-site Scripting in Wondercms
https://sploitus.com/exploit?id=3A833277-4844-5F02-AFEF-5EA6B...
Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to denial of service [CVE-2024-22025]
Summary: Node.js is used by IBM App Connect Enterprise Certified Container as a runtime engine for processing data. IBM App Connect Enterprise Certified Container is vulnerable to denial of service when making HTTP calls using Node.js. This bulletin provides patch information to address the report...
PrestaShop SQL Injection Vulnerability (CNVD-2023-9749945)
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. PrestaShop suffers from a SQL injection vulnerability that stems from the module havi...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality due to [CVE-2023-32681]
Summary: Python module Requests is used by IBM App Connect Enterprise Certified Container for making HTTPS calls in mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality. This bulletin...
SAP NetWeaver AS ABAP Multiple Vulnerabilities (Feb 2022)
Multiple vulnerabilities may be present in SAP NetWeaver Application Server ABAP, including the following: - SAP Netweaver AS - versions 700, 701, 702, 710, 711, 730, 740, 750, 751, 752, 753, 754, 755, 756 - contain a cross-site scripting vulnerability that allows an unauthenticated attacker to...
Reolink Rlc-410W Input Validation Error Vulnerability
Reolink Rlc-410W is a Wi-Fi security camera from Reolink China. A denial of service vulnerability exists in Reolink RLC-410W, which can be exploited by attackers to cause a reboot via a compiled HTTP request...
Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control
Product: Pentaho Business Analytics / Pentaho Business Server; Vendor / Manufacturer: Hitachi Vantara; Affected Versions: = 9.1; Vulnerability Type: Insufficient Access Control of Data Source Management Service; Solution Status: Fix Released on public GitHub repository; Manufacturer Notification: 8th...
Insecure Access Controls
novajoin uses insecure access controls. The lack of access controls allows an attacker to generate tokens from authenticated users to gain access to HTTP calls to the API...
Fedora Update for nodejs-request FEDORA-2013-11780
Check for the Version of nodejs-request. OpenVAS Vulnerability Test: Fedora Update for nodejs-request FEDORA-2013-11780. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...
CVE-1999-0923
CVE-1999-0923 affects ColdFusion Server 4.0 through sample runnable code snippets that allow remote attackers to read files, cause a denial of service, or use the server as a proxy for other HTTP calls. The description indicates impact on confidentiality, integrity, and availability (partial C/I/...