50 matches found
CVE-2026-25492 Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host
Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...
PT-2026-7142
Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the save images Asset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...
EUVD-2022-53144
Malicious code in bioql PyPI...
EUVD-2023-56164
Malicious code in bioql PyPI...
EUVD-2025-23998
Malicious code in bioql PyPI...
EUVD-2024-23579
Malicious code in bioql PyPI...
EUVD-2025-31630
Malicious code in bioql PyPI...
EUVD-2022-53468
Malicious code in bioql PyPI...
CVE-2025-34230
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a blind server-side request forgery SSRF vulnerability reachable via the /var/www/app/consolerelease/hp/logoffsinglesignon.php script that can...
CVE-2025-34229
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a blind server-side request forgery SSRF vulnerability reachable via the /var/www/app/consolerelease/hp/installApp.php script that can be...
CVE-2025-34229
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a blind server-side request forgery SSRF vulnerability reachable via the /var/www/app/consolerelease/hp/installApp.php script that can be...
CVE-2025-34229
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a blind server-side request forgery SSRF vulnerability reachable via the /var/www/app/consolerelease/hp/installApp.php script that can be...
PT-2025-39895
Name of the Vulnerable Software and Affected Versions Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 Vasion Print formerly PrinterLogic Application versions prior to 25.1.1413 Description The software contains a blind server-side request forgery SSRF issue...
CVE-2024-26309
Archer Platform 6.x before 6.14 P2 HF2 6.14.0.2.2 contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL...
CVE-2019-14959
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection...
CKAN 安全漏洞
CKAN is an open source DMS Data Management System from CKAN Open Source. It is used to power data centers and data portals. CKAN suffers from a security vulnerability that stems from the fact that if there is a connectivity problem with the Solr server, the internal Solr URL is leaked to the...
CVE-2024-26309
Archer Platform 6.x before 6.14 P2 HF2 6.14.0.2.2 contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL...
Information disclosure
Archer Platform 6.x before 6.14 P2 HF2 6.14.0.2.2 contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL...
CVE-2024-26309
Archer Platform 6.x before 6.14 P2 HF2 6.14.0.2.2 contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL...
RHEL 8 : Red Hat OpenStack 16.1.9 (openstack-tripleo-heat-templates) (RHSA-2022:8796)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:8796 advisory. Heat templates for TripleO Security Fixes: data leak of internal URL through keystoneauthtoken CVE-2021-4180 Other fixes: Before this update, NTP...