700 matches found
Server-side Request Forgery (SSRF)
Overview langchain-openai is an An integration package connecting OpenAI and LangChain Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the image token counting urltosize function. An attacker can access internal network resources by exploiting a DNS...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...
CVE-2024-8010
The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files...
CVE-2024-2374
The CVE-2024-2374 entry describes an XML External Entity (XXE) issue in the XML parsers of multiple WSO2 products, where user-supplied XML data is not configured to disable external-resource resolution. This allows an attacker to read files from the file system and access limited HTTP resources r...
WSO2 API Manager 安全漏洞
The WSO2 API Manager is a set of API lifecycle management solutions provided by the American company WSO2. There is a security vulnerability present in the WSO2 API Manager publishers. This vulnerability stems from the component’s inability to disable external entity resolution when accepting XML...
CVE-2026-26162
Access of resource using incompatible type 'type confusion' in Windows OLE allows an authorized attacker to elevate privileges locally...
CVE-2026-20806
Access of resource using incompatible type 'type confusion' in Windows COM allows an authorized attacker to disclose information locally...
CVE-2026-27298
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type 'Type Confusion' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op...
CVE-2026-27298
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type 'Type Confusion' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op...
CVE-2026-27298 Adobe Framemaker | Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type 'Type Confusion' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the APICall feature. An attacker can access sensitive internal resources and exfiltrate confidential data by supplying arbitrary URLs to the APICall feature, which are executed with elevated privilege...
CVE-2025-70023
An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6...
CVE-2025-70023
An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6...
CVE-2025-70023
CVE-2025-70023 affects transloadit uppy v0.25.6. The issue is CWE-843: Access of Resource Using Incompatible Type, caused by a type/resource access mismatch in the vulnerable component. CVSSv3.1 base score is 9.8 (CRITICAL) with network attack vector, no privileges required, no user interaction, ...
CVE-2026-40446
Access of resource using incompatible type 'type confusion' vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...
CVE-2026-40446
Access of resource using incompatible type 'type confusion' vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...
PT-2026-32258
Access of resource using incompatible type 'type confusion' vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...
EUVD-2026-21571
Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the initially supplied URL and blocks direct private/internal hosts, it does not re-validate the final destination after HTTP redirects. As a...
PT-2026-31330
Name of the Vulnerable Software and Affected Versions mirror-registry affected versions not specified Description An issue exists in mirror-registry where authenticated users can exploit the log export feature by providing a specially crafted web address URL. This allows the application's backend...
The vulnerability in the JavaScript Engine component of Mozilla Firefox, Firefox ESR, and the Thunderbird email client allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the JavaScript Engine component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to access to resources through incompatible types. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility ...