7175 matches found
CVE-2026-10239
A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be...
CVE-2026-10241
A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...
CVE-2026-10240
A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...
EUVD-2026-33605
A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...
CVE-2026-10241 jeecgboot The server processes these URLs Cloud Instance Metadata Endpoint debug FileDownloadUtils.download2DiskFromNet server-side request forgery
A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...
CVE-2026-10240 JeecgBoot test server-side request forgery
A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...
CVE-2026-10240
JeecgBoot up to 3.9.2 contains a server-side request forgery (SSRF) vulnerability in an unknown function of /airag/airagModel/test, triggered by manipulating the baseUrl argument. It is exploitable remotely and a public exploit exists. A fix is planned for the upcoming release.
CVE-2026-10240 JeecgBoot test server-side request forgery
A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...
CVE-2026-10239
JeecgBoot up to 3.9.2 has a vulnerability in WordUtil.addImage in /airag/word/edit that can enable server-side request forgery (SSRF) via remote manipulation. Public exploit details exist and exploit maturity is reported as PROOF-OF-CONCEPT. The referenced CVSS data indicate network access with l...
CVE-2026-10239 JeecgBoot edit WordUtil.addImage server-side request forgery
A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be...
CVE-2026-10239 JeecgBoot edit WordUtil.addImage server-side request forgery
A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be...
EUVD-2026-33601
A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be...
CVE-2026-10517
The CVE describes a flaw in Clair’s fetcher where it makes outbound HTTP requests to attacker-supplied URIs taken from manifest layer descriptors without filtering IPs or schemes. If PSK authentication is not configured, an unauthenticated attacker can submit a manifest pointing to internal servi...
EUVD-2026-33599
A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...
Exploit for Server-Side Request Forgery in Vercel Next.Js
NEXT-SSRF SSRF — CVE-2026-44578 Scanner & Exploit ║ ║ Next...
AEM MCP Server code-related vulnerabilities
The AEM MCP Server is a model context protocol server developed by Indrasishbanerjee, designed for content, components, and asset management. The AEM MCP Server has a code vulnerability that stems from incorrect handling of the parameter assetPath in the getAssetMetadata function within the Axios...
JeecgBoot code issues and vulnerabilities
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.2 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations with the parameter baseUrl in the /airag/airagModel/test file, which...
PT-2026-45497
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get build status/get build log/trigger build. Such manipulation leads to server-side request forgery. The attack may be performed from...
PT-2026-45350
A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...
MCPilot code-related vulnerabilities
MCPilot is a multi-modal interactive assistant developed by Huang Runzhong, which integrates multiple AI models and the MCP protocol. Version 0.1.0 of MCPilot contains code vulnerabilities. These vulnerabilities stem from incorrect handling of the parameter serverBaseUrl in the MCP API Call...