OneNav v0.9.35-20240318 - Server-Side Request Forgery (SSRF)

OneNav v0.9.35-20240318 is vulnerable to server-side request forgery SSRF via the url parameter in the getlinkinfo API. An attacker can force the server to make arbitrary requests, potentially accessing internal resources. id: CVE-2024-33832 info: name: OneNav v0.9.35-20240318 - Server-Side Reque...

CVE-2022-26276

An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal...

EUVD-2021-25150

Malware in sbrugna...

EUVD-2021-24611

Malware in sbrugna...

EUVD-2023-59391

Malicious code in bioql PyPI...

EUVD-2025-8670

Malicious code in bioql PyPI...

EUVD-2025-8671

Malicious code in bioql PyPI...

EUVD-2022-30837

Malicious code in bioql PyPI...

CVE-2024-33832

OneNav v0.9.35-20240318 was discovered to contain a Server-Side Request Forgery SSRF via the component /index.php?c=api=getlinkinfo...

CVE-2023-7210

A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects an unknown part of the file /index.php?c=api of the component API. The manipulation of the argument X-Token leads to improper authentication. It is possible to initiate the attack remotely. The...

CVE-2021-38138

OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release...

CVE-2021-38712

OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file...

CVE-2025-28097

OneNav 1.1.0 is vulnerable to Cross Site Scripting XSS in custom headers...

CVE-2025-28096

OneNav 1.1.0 is vulnerable to Server-Side Request Forgery SSRF in custom headers...

CVE-2025-28096

OneNav 1.1.0 is vulnerable to Server-Side Request Forgery SSRF in custom headers...

CVE-2025-28097

OneNav 1.1.0 is vulnerable to Cross Site Scripting XSS in custom headers...

CVE-2025-28096

OneNav 1.1.0 is vulnerable to Server-Side Request Forgery SSRF in custom headers...

CVE-2025-28097

OneNav 1.1.0 is vulnerable to Cross Site Scripting XSS in custom headers...

OneNav 安全漏洞

OneNav is a bookmark management tool from OneNav, Inc. A security vulnerability exists in OneNav version 1.1.0 that stems from a server-side request forgery in a customized header...

PT-2025-13591 · Onenav · Onenav

Name of the Vulnerable Software and Affected Versions: OneNav version 1.1.0 Description: The issue is related to Server-Side Request Forgery SSRF in custom headers. This means an attacker could potentially force the server to make requests to arbitrary domains, which could lead to unauthorized...