Server-Side Request Forgery (SSRF)

Pydantic AI is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of URLs in the download functionality when processing untrusted message history, which allows an attacker to supply malicious URLs that force the server to make unauthorized requests to...

CVE-2025-66608

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate URLs. An attacker could send specially crafted requests to steal files from the web server. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVR...

EUVD-2017-10177

Malware in sbrugna...

PT-2025-35673

Name of the Vulnerable Software and Affected Versions: Samsung Account versions prior to 14.1.0.0 Description: An improper URL input validation issue exists in the Samsung Account application. This can allow remote attackers to obtain sensitive information. Recommendations: Update the Samsung...

CVE-2025-1026

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. Note: This is a bypass of the fix for CVE-2024-21549...

CBL Mariner 2.0 Security Update: python3 (CVE-2024-11168)

The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-11168 advisory. - The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that...

File Handling and Storage Helper 安全漏洞

File Handling and Storage Helper is a file handling and storage helper from the individual developer Conrad Carpenter. A security vulnerability exists in File Handling and Storage Helper versions prior to 1.5.0 and 2.x prior to 2.3.0, which stems from a failure to properly validate URLs within...

Server Side Request Forgery

@strapi/strapi is vulnerable to Server Side Request Forgery. The vulnerability is due to improper url parameter validation within the /strapi.io/next/image endpoint, which allows an attacker to send request to internal resources on the network...

CVE-2024-25154 Path Traversal in FileCatalyst Direct 3.8.8 and Earlier

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage...

CVE-2024-25154

CVE-2024-25154 affects FileCatalyst Direct 3.8.8 and earlier, due to improper URL validation that allows path traversal. An encoded payload can cause the web server to return files outside the web root, potentially leaking data. Public references in connected documents indicate remediation via up...

CVE-2024-24808 pyLoad open redirect vulnerability due to improper validation of the is_safe_url function

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the getredirecturl function when redirecting users at login. This vulnerability h...

CVE-2023-42580

Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store...

Input validation

Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store...

CVE-2023-42581

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data...

CVE-2023-30703

Samsung Members contains an improper URL validation vulnerability (CVE-2023-30703) affecting versions prior to 14.0.07.1. The issue could allow an attacker to access sensitive information. The cited PT-2023-22903 entry confirms the vulnerable range and provides remediation guidance: upgrade to ve...

CVE-2020-36321

Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 Vaadin 14.0.0 through 14.4.2, and 3.0 prior to 5.0 Vaadin 15 prior to 18 allows attacker to request arbitrary files stored outside of intended frontend resources folder...

CVE-2020-36321

Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 Vaadin 14.0.0 through 14.4.2, and 3.0 prior to 5.0 Vaadin 15 prior to 18 allows attacker to request arbitrary files stored outside of intended frontend resources folder...

CVE-2020-36321 Directory traversal in development mode handler in Vaadin 14 and 15-17

Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 Vaadin 14.0.0 through 14.4.2, and 3.0 prior to 5.0 Vaadin 15 prior to 18 allows attacker to request arbitrary files stored outside of intended frontend resources folder...

Directory traversal in development mode handler in Vaadin 14 and 15-17

Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 Vaadin 14.0.0 through 14.4.2, and 3.0 prior to 5.0 Vaadin 15 prior to 18 allows attacker to request arbitrary files stored outside of intended frontend resources folder. See CWE-20: Improper...

curl: Port and service scanning on localhost due to improper URL validation.

Summary: Generally web masters and developers protect user-accessible CURL from requesting forbidden domains so that the attacker is not able to access internal resources. It is usually done using regular expressions. Mostly addresses like 127.x.x.x, 192.168.x.x and "integer" notation of IP...