7153 matches found

Cvelist
added 2026/04/06 4:45 a.m. | 28 views

CVE-2026-5623 hcengineering Huly Platform Import Endpoint index.ts server-side request forgery

A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/front/src/index.ts of the component Import Endpoint. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit is publicly availabl...

6.5 CVSS | 0.00041 EPSS
Exploits 0 | References 3

CVE
added 2026/04/06 4:45 a.m. | 4 views

CVE-2026-5623

CVE-2026-5623 affects hcengineering Huly Platform 0.7.382, specifically the Import Endpoint in file server/front/src/index.ts. The vulnerability enables server-side request forgery (SSRF) through manipulation of the indicated component, with remote exploitability. Public exploit exists; disclosur...

6.5 CVSS | 6.2 AI score | 0.00041 EPSS
Exploits 0 | References 3

NVD
added 2026/04/06 4:16 a.m. | 1 views

CVE-2026-5618

A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results in server-side request forgery. The attack is possible to be carried out remotely. The complexity ...

6.3 CVSS | 0.00017 EPSS
Exploits 0 | References 4

Cvelist
added 2026/04/06 3:30 a.m. | 27 views

CVE-2026-5618 kalcaddle kodbox shareMake/shareCheck server-side request forgery

A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results in server-side request forgery. The attack is possible to be carried out remotely. The complexity ...

6.3 CVSS | 0.00017 EPSS
Exploits 0 | References 4

ATTACKERKB
added 2026/04/06 3:30 a.m. | 1 views

CVE-2026-5618

A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results in server-side request forgery. The attack is possible to be carried out remotely. The complexity ...

6.3 CVSS | 5.4 AI score | 0.00017 EPSS
Exploits 0 | References 4 | Affected Software 1

Vulnrichment
added 2026/04/06 3:30 a.m. | 1 views

CVE-2026-5618 kalcaddle kodbox shareMake/shareCheck server-side request forgery

A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results in server-side request forgery. The attack is possible to be carried out remotely. The complexity ...

6.3 CVSS | 5.4 AI score | 0.00017 EPSS
Exploits 0 | References 4

CVE
added 2026/04/06 3:30 a.m. | 13 views

CVE-2026-5618

Affected software: kalcaddle kodbox up to version 1.64. Vulnerable component: shareMake/shareCheck. Issue: server-side request forgery (SSRF) via manipulation of siteFrom/siteTo arguments. Impact: remote exploit with partial confidentiality/integrity/availability impact per CVSS data; exploitabil...

6.3 CVSS | 5.4 AI score | 0.00017 EPSS
Exploits 0 | References 4

NVD
added 2026/04/06 1:16 a.m. | 6 views

CVE-2026-5607

A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to...

6.5 CVSS | 0.00024 EPSS
Exploits 0 | References 4

Vulnrichment
added 2026/04/06 12:15 a.m. | 0 views

CVE-2026-5607 imprvhub mcp-browser-agent URL Parameter handlers.ts CallToolRequestSchema server-side request forgery

A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to...

6.5 CVSS | 6.1 AI score | 0.00024 EPSS
Exploits 0 | References 4

ATTACKERKB
added 2026/04/06 12:15 a.m. | 1 views

CVE-2026-5607

A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to...

6.5 CVSS | 6.1 AI score | 0.00024 EPSS
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2026/04/06 12:15 a.m. | 25 views

CVE-2026-5607 imprvhub mcp-browser-agent URL Parameter handlers.ts CallToolRequestSchema server-side request forgery

A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to...

6.5 CVSS | 0.00024 EPSS
Exploits 0 | References 4

CVE
added 2026/04/06 12:15 a.m. | 5 views

CVE-2026-5607

CVE-2026-5607 affects imprvhub mcp-browser-agent up to 0.8.0. The vulnerability resides in URL Parameter Handler’s CallToolRequestSchema within src/handlers.ts where manipulating request.params.name/request.params.arguments enables server-side request forgery. Public exploit disclosure and remote...

6.5 CVSS | 6.1 AI score | 0.00024 EPSS
Exploits 0 | References 4

Positive Technologies
added 2026/04/06 12:0 a.m. | 3 views

PT-2026-30561

A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results in server-side request forgery. The attack is possible to be carried out remotely. The complexity ...

6.3 CVSS | 5.1 AI score | 0.00017 EPSS
Exploits 0 | References 5

CNNVD
added 2026/04/06 12:0 a.m. | 3 views

Directus code issue vulnerability

Directus is an open-source real-time API and application dashboard developed by Directus. It is used to manage SQL database content. Versions of Directus prior to 11.16.0 have code vulnerabilities; these vulnerabilities stem from the IP address verification mechanism, which can be bypassed by IPv...

7.7 CVSS | 5.9 AI score | 0.00014 EPSS
Exploits 0 | References 2

CNNVD
added 2026/04/06 12:0 a.m. | 4 views

Kalcaddle Kodbox code issue vulnerability

Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle Corporation. Versions of Kalcaddle Kodbox prior to 1.64 contained code vulnerabilities. These vulnerabilities stemmed from improper handling of parameters siteFrom/siteTo in the...

6.3 CVSS | 6.3 AI score | 0.00017 EPSS
Exploits 0 | References 4

CNNVD
added 2026/04/06 12:0 a.m. | 5 views

Huly Platform security vulnerability

Huly Platform is an integrated project management platform developed by Huly in open source. Version 0.7.382 of Huly Platform contains a security vulnerability. This vulnerability stems from a flaw in the file server/front/src/index.ts within the Import Endpoint component, which may lead to...

6.5 CVSS | 6.6 AI score | 0.00041 EPSS
Exploits 0 | References 3

CNNVD
added 2026/04/06 12:0 a.m. | 3 views

pyLoad code issue vulnerability

pyLoad is an open-source download manager written in Python. Versions of pyLoad 0.5.0b3.dev96 and earlier have code vulnerabilities due to unvalidated redirection targets, which may lead to server-side request forgery attacks...

9.3 CVSS | 5.9 AI score | 0.00043 EPSS
Exploits 1 | References 3

CNNVD
added 2026/04/06 12:0 a.m. | 4 views

GPT Researcher code issue vulnerability

GPT Researcher is an AI-based deep research agent tool developed by Assaf Elovic as a personal development tool. Versions of GPT Researcher 3.4.3 and earlier have code vulnerabilities related to improper handling of parameters in the ws Endpoint component, which may lead to server-side request...

7.5 CVSS | 7.2 AI score | 0.00058 EPSS
Exploits 0 | References 5

Exploit DB
added 2026/04/06 12:0 a.m. | 65 views

Grafana 11.6.0 - SSRF

Exploit Title: Grafana 11.6.0 - SSRF | FOFA: app="Grafana" | Date: 2-11-2025 | Exploit Author: Beatriz Fresno Naumova | Vendor Homepage: https://grafana.com/ | Software Link: https://grafana.com/grafana/download | Version: 11.2.0 - 11.6.0 | CVE: CVE-2025-4123 | Description: An SSRF Server-Side Request Forgery...

7.6 CVSS | 7.2 AI score | 0.06888 EPSS
Exploits 6

CNNVD
added 2026/04/06 12:0 a.m. | 1 views

vLLM code issue vulnerability

vLLM is an open-source solution designed for LLM-based models, featuring high throughput and memory-efficient reasoning and service engines. Versions of vLLM prior to 0.16.0 to 0.19.0 contained code vulnerabilities. These vulnerabilities stemmed from a lack of URL validation in the...

5.4 CVSS | 5.9 AI score | 0.00046 EPSS
Exploits 1 | References 2