7150 matches found
EspoCRM 代码问题漏洞
EspoCRM is an open-source, web-based Customer Relationship Management system CRM developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. Versions of EspoCRM 9.3.3 and earlier contained code vulnerabilities. These vulnerabilities...
PT-2026-32531
A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of the file ServerService.java of the component Video File Download URL Handler. Such manipulation of the argument streamIp leads to server-side request forgery. It is possibl...
Apache SkyWalking MCP 安全漏洞
Apache SkyWalking MCP is a distributed system-oriented observability data management and processing component developed by the Apache Foundation. Version 0.1.0 of Apache SkyWalking MCP contains a security vulnerability, which stems from server-side request forgery in the SW-URL header...
WordPress UsersWP plugin <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter vulnerability
Authenticated Subscriber+ Server-Side Request Forgery via 'uwpcrop' Parameter vulnerability discovered by s00me00ne in WordPress Plugin UsersWP versions = 1.2.58...
EUVD-2026-21715
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function postdata.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used...
CVE-2026-6119
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function postdata.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used...
CVE-2026-6119
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function postdata.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used...
CVE-2026-6119 AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function postdata.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used...
CVE-2026-6119
CVE-2026-6119 affects AstrBotDevs AstrBot up to version 4.22.1. The vulnerability is in the API Endpoint’s post_data.get function, enabling server-side request forgery (SSRF) and potentially allowing remote exploitation. Public exploits are noted, with PoC activity observed. The issue is acknowle...
GHSA-R5V8-C28H-F8R8 MetaGPT affected by server-side request forgery in metagpt/utils/common.py
A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.2. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...
CVE-2026-6111
A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...
CVE-2026-6111 FoundationAgents MetaGPT common.py decode_image server-side request forgery
A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...
EUVD-2026-21698
A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...
CVE-2026-6111 FoundationAgents MetaGPT common.py decode_image server-side request forgery
A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...
CVE-2026-6111
A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...
CVE-2026-6111
CVE-2026-6111 affects FoundationAgents MetaGPT (up to at least 0.8.1/0.8.2) and targets the function decode_image in metagpt/utils/common.py . Manipulating the argument img_url_or_b64 enables a server-side request forgery (SSRF) that can be triggered remotely. The CVSS data indicates network acce...
VulnCheck KEV: CVE-2025-22952
elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery SSRF due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks...
PT-2026-32151
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be use...
MetaGPT 代码问题漏洞
MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained code vulnerabilities. These vulnerabilities stemmed from the improper handling of the imgurlorb64 parameter in the decodeimage function within the metagpt/utils/common.py file, which could...
AstrBot 代码问题漏洞
AstrBot is an open-source multi-platform LLM chatbot and development framework developed by AstrBot. Versions of AstrBot 4.22.1 and earlier contained code vulnerabilities. These vulnerabilities stemmed from improper handling of the postdata.get function in the API Endpoint component, which could...