13 matches found
Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation
Summary The /api/action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...
CVE-2026-7248
CVE-2026-7248 affects D-Link DI-8100 (firmware 16.07.26A1). The CGI Endpoint tgfile.htm component function tgfile_htm is vulnerable: manipulating the fn argument triggers a buffer overflow. The issue is remotely exploitable and an exploit has been publicized. No remediation details are provided i...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the POST /api/lunchflow/link endpoint, which insufficiently validates user-supplied URLs and fails to restrict access to internal or sensitive network addresses. An attacker can cause the server to...
GHSA-VF5J-R2HW-2HRW OpenCloud Affected by Public Link Exploit
Impact A security issue was discovered in Reva that enables a malicious user to bypass the scope validation of a public link. That allows it to access resources outside the scope of a public link. OpenCloud uses Reva as one of its core components and thus it is affected. Patches Update to OpenClo...
EUVD-2020-18663
Malware in sbrugna...
CVE-2024-5208
An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service DOS by shutting down the server through sending invalid upload requests. Specifically, the server can be made to sh...
CVE-2024-5208
An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service DOS by shutting down the server through sending invalid upload requests. Specifically, the server can be made to sh...
CVE-2024-5208
An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service DOS by shutting down the server through sending invalid upload requests. Specifically, the server can be made to sh...
PT-2024-35120 · Mintplex · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm affected versions not specified Description: An uncontrolled resource consumption issue exists in the "upload-link" endpoint, allowing attackers to cause a denial of service DOS by shutting down the server through...
Cacti link Local File Inclusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cacti. Authentication is required to exploit this vulnerability. The specific flaw exists within the link endpoint. The issue results from the lack of proper validation of data retrieved from the...
PT-2023-29515 · Unknown · Neomind Fusion Platform
Name of the Vulnerable Software and Affected Versions: NeoMind Fusion Platform versions up to 20230731 Description: A problematic issue was found in the NeoMind Fusion Platform, affecting an unknown function of the file /fusion/portal/action/Link. The manipulation of the link argument leads to...
CVE-2022-34774
Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover the mail can be used t...
ALPINE-CVE-2017-6505
The ohciserviceedlist function in hw/usb/hcd-ohci.c in QEMU aka Quick Emulator before 2.9.0 allows local guest OS users to cause a denial of service infinite loop via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330...