Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2026/03/27 6:31 a.m.7 views

Spring AI: Insufficient Validation causes SSRF when processing multimodal messages with user-supplied URLs

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery SSRF vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...

8.6CVSS5.9AI score0.00353EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/03/27 5:27 a.m.22 views

CVE-2026-22742

The provided sources confirm a concrete SSRF vulnerability in Spring AI’s spring-ai-bedrock-converse BedrockProxyChatModel, triggered when processing multimodal messages with user-supplied media URLs. The root cause is insufficient validation of those URLs, allowing the server to issue HTTP reque...

8.6CVSS5.8AI score0.00353EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/03 10:16 p.m.5 views

CVE-2020-37096

Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized MAC addresses to the device's filtering rules without their consent...

5.3CVSS0.00145EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/05 12:7 a.m.12 views

CVE-2025-3654

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through...

6.9CVSS6.2AI score0.00241EPSS
Exploits0References1
OSV
OSV
added 2022/06/07 7:15 p.m.3 views

CVE-2022-30728

Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information...

3.3CVSS5.8AI score0.00102EPSS
Exploits0References1
CNVD
CNVD
added 2018/09/07 12:0 a.m.4 views

Technicolor TG588V V2 Denial of Service Vulnerability

The Technicolor TG588V V2 is an ADSL VDSL router. A denial of service vulnerability exists in the Technicolor TG588V V2. A remote attacker could exploit this vulnerability to cause a denial of service network outage via a large number of random MAC addresses...

6.5CVSS6.4AI score0.0116EPSS
Exploits1References1
CNVD
CNVD
added 2018/07/20 12:0 a.m.2 views

TP-Link WR840N Denial of Service Vulnerability

The TP-Link WR840N is a wireless router product from China P&L TP-LINK. A buffer overflow vulnerability exists in the TP-Link WR840N. A remote attacker can exploit this vulnerability to cause a denial of service loss of connection via a series of packets containing random MAC addresses...

7.5CVSS7.7AI score0.08297EPSS
Exploits3References1
Rows per page
Query Builder