Lucene search
+L

700 matches found

Snyk
Snyk
added 2026/04/16 11:0 p.m.5 views

Server-side Request Forgery (SSRF)

Overview langchain-openai is an An integration package connecting OpenAI and LangChain Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the image token counting urltosize function. An attacker can access internal network resources by exploiting a DNS...

3.1CVSS5.8AI score0.00158EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/16 9:38 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

7.7CVSS5.8AI score0.00329EPSS
Exploits0References2
NVD
NVD
added 2026/04/16 10:16 a.m.6 views

CVE-2024-8010

The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files...

7.5CVSS0.00273EPSS
Exploits0References1
CVE
CVE
added 2026/04/16 8:12 a.m.16 views

CVE-2024-2374

The CVE-2024-2374 entry describes an XML External Entity (XXE) issue in the XML parsers of multiple WSO2 products, where user-supplied XML data is not configured to disable external-resource resolution. This allows an attacker to read files from the file system and access limited HTTP resources r...

9.1CVSS5.7AI score0.00377EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.9 views

WSO2 API Manager 安全漏洞

The WSO2 API Manager is a set of API lifecycle management solutions provided by the American company WSO2. There is a security vulnerability present in the WSO2 API Manager publishers. This vulnerability stems from the component’s inability to disable external entity resolution when accepting XML...

7.5CVSS5.8AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/15 7:23 p.m.7 views

CVE-2026-26162

Access of resource using incompatible type 'type confusion' in Windows OLE allows an authorized attacker to elevate privileges locally...

7.8CVSS6.2AI score0.00298EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/15 7:22 p.m.7 views

CVE-2026-20806

Access of resource using incompatible type 'type confusion' in Windows COM allows an authorized attacker to disclose information locally...

5.5CVSS5.7AI score0.00341EPSS
Exploits0References1
NVD
NVD
added 2026/04/14 11:16 p.m.2 views

CVE-2026-27298

Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type 'Type Confusion' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op...

7.8CVSS0.00176EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 10:58 p.m.3 views

CVE-2026-27298

Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type 'Type Confusion' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op...

7.8CVSS6.3AI score0.00176EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/14 10:58 p.m.10 views

CVE-2026-27298 Adobe Framemaker | Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)

Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type 'Type Confusion' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op...

7.8CVSS6.3AI score0.00176EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/14 8:6 p.m.8 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the APICall feature. An attacker can access sensitive internal resources and exfiltrate confidential data by supplying arbitrary URLs to the APICall feature, which are executed with elevated privilege...

7.7CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2026/04/14 6:16 p.m.12 views

CVE-2025-70023

An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6...

9.8CVSS0.00448EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/14 12:0 a.m.4 views

CVE-2025-70023

An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6...

5.8AI score0.00448EPSS
Exploits0References3
CVE
CVE
added 2026/04/14 12:0 a.m.9 views

CVE-2025-70023

CVE-2025-70023 affects transloadit uppy v0.25.6. The issue is CWE-843: Access of Resource Using Incompatible Type, caused by a type/resource access mismatch in the vulnerable component. CVSSv3.1 base score is 9.8 (CRITICAL) with network attack vector, no privileges required, no user interaction, ...

9.8CVSS5.8AI score0.00448EPSS
Exploits0References3
NVD
NVD
added 2026/04/13 5:16 a.m.3 views

CVE-2026-40446

Access of resource using incompatible type 'type confusion' vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

9.8CVSS0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/13 4:56 a.m.33 views

CVE-2026-40446

Access of resource using incompatible type 'type confusion' vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

6.9CVSS0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.8 views

PT-2026-32258

Access of resource using incompatible type 'type confusion' vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

6.9CVSS5.8AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/10 7:20 p.m.3 views

EUVD-2026-21571

Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the initially supplied URL and blocks direct private/internal hosts, it does not re-validate the final destination after HTTP redirects. As a...

8.2CVSS5.8AI score0.00371EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.15 views

PT-2026-31330

Name of the Vulnerable Software and Affected Versions mirror-registry affected versions not specified Description An issue exists in mirror-registry where authenticated users can exploit the log export feature by providing a specially crafted web address URL. This allows the application's backend...

6.5CVSS5.9AI score0.00405EPSS
Exploits0References20
BDU FSTEC
BDU FSTEC
added 2026/04/08 12:0 a.m.3 views

The vulnerability in the JavaScript Engine component of Mozilla Firefox, Firefox ESR, and the Thunderbird email client allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the JavaScript Engine component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to access to resources through incompatible types. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility ...

10CVSS7.3AI score0.00755EPSS
Exploits0References16Affected Software6
Rows per page
Query Builder