
7175 matches found

NVD
added 2026/03/16 2:20 p.m. | 3 views

CVE-2026-4231

A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function update_sql/run_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack may be initiated remotely. Th...

CVSS 7.5 | EPSS 0.00057
Exploits 0 | References 4
NVD
added 2026/03/16 2:20 p.m. | 0 views

CVE-2026-4215

A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The...

CVSS 6.5 | EPSS 0.0005
Exploits 0 | References 4
OSV
added 2026/03/16 2:18 p.m. | 3 views

CVE-2025-69239

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...

CVSS 2.7 | AI score 5.9 | EPSS 0.00032
Exploits 0 | References 2
NVD
added 2026/03/16 2:18 p.m. | 2 views

CVE-2025-69239

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...

CVSS 5.1 | EPSS 0.00036
Exploits 0 | References 2
Cvelist
added 2026/03/16 11:53 a.m. | 25 views

CVE-2025-69239 Server-Side Request Forgery in Raytha CMS

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...

CVSS 5.1 | EPSS 0.00036
Exploits 0 | References 2
Vulnrichment
added 2026/03/16 11:53 a.m. | 4 views

CVE-2025-69239 Server-Side Request Forgery in Raytha CMS

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...

CVSS 5.1 | AI score 5.8 | EPSS 0.00036
Exploits 0 | References 2
ATTACKERKB
added 2026/03/16 11:53 a.m. | 7 views

CVE-2025-69239

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...

CVSS 5.1 | AI score 5.8 | EPSS 0.00036
Exploits 0 | References 3
Snyk
added 2026/03/16 10:48 a.m. | 3 views

Server-side Request Forgery (SSRF)

Overview: vanna is a package that generates SQL queries from natural language. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the run_sql function. An attacker can access internal resources or services by sending crafted requests remotely. Remediation: There is no fixed...

CVSS 7.5 | AI score 7.2 | EPSS 0.00057
Exploits 0 | References 2
Vulnrichment
added 2026/03/16 9:2 a.m. | 1 views

CVE-2026-4231 vanna-ai vanna Endpoint __init__.py run_sql server-side request forgery

A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function update_sql/run_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack may be initiated remotely. Th...

CVSS 7.5 | AI score 5.3 | EPSS 0.00057
Exploits 0 | References 4
CVE
added 2026/03/16 9:2 a.m. | 9 views

CVE-2026-4231

CVE-2026-4231 affects vanna-ai vanna up to 2.0.2. The vulnerability is in the Endpoint component, specifically the function update_sql/run_sql in src/vanna/legacy/flask/__init__.py, allowing server-side request forgery. The attack can be performed remotely and the exploit has been made public. The...

CVSS 7.5 | AI score 6.6 | EPSS 0.00057
Exploits 0 | References 4
ATTACKERKB
added 2026/03/16 4:32 a.m. | 0 views

CVE-2026-4215

A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The...

CVSS 6.5 | AI score 5.3 | EPSS 0.0005
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2026/03/16 4:32 a.m. | 27 views

CVE-2026-4215 FlowCI flow-core-x SMTP Host ConfigServiceImpl.java save server-side request forgery

A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The...

CVSS 6.5 | EPSS 0.0005
Exploits 0 | References 4
Cvelist
added 2026/03/16 12:2 a.m. | 27 views

CVE-2026-4200 glowxq glowxq-oj ProblemCaseController.java uploadTestcaseZipUrl server-side request forgery

A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java. Performing a manipulation results in...

CVSS 7.5 | EPSS 0.00057
Exploits 0 | References 4
Vulnrichment
added 2026/03/16 12:2 a.m. | 3 views

CVE-2026-4200 glowxq glowxq-oj ProblemCaseController.java uploadTestcaseZipUrl server-side request forgery

A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java. Performing a manipulation results in...

CVSS 7.5 | AI score 6.7 | EPSS 0.00057
Exploits 0 | References 4
ATTACKERKB
added 2026/03/16 12:2 a.m. | 1 views

CVE-2026-4200

A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java. Performing a manipulation results in...

CVSS 7.5 | AI score 5.4 | EPSS 0.00057
Exploits 0 | References 4
CNNVD
added 2026/03/16 12:0 a.m. | 2 views

glowxq-oj code issue vulnerability

Glowxq-oj is an online problem-solving system developed by Glowxq’s individual developers, which supports multi-language evaluations and engaging programming activities. There are code vulnerabilities in Glowxq-oj. These vulnerabilities stem from incorrect operations on the function...

CVSS 7.5 | AI score 7.2 | EPSS 0.00057
Exploits 0 | References 4
CNNVD
added 2026/03/16 12:0 a.m. | 3 views

flow-core-x code issue vulnerability

flow-core-x is a simple and powerful continuous integration and deployment server open source from flow.ci. Versions of flow-core-x 1.23.01 and earlier have code vulnerabilities. These vulnerabilities stem from a flaw in the Save function in the ConfigServiceImpl.java file within the SMTP Host...

CVSS 6.5 | AI score 6.7 | EPSS 0.0005
Exploits 0 | References 4
CNNVD
added 2026/03/16 12:0 a.m. | 3 views

Raytha CMS code issue vulnerability

Raytha CMS is a content management system developed by the American company Raytha. Versions of Raytha CMS prior to 1.4.6 contained code vulnerabilities. These vulnerabilities stemmed from the “Themes – Import from URL” feature, which had a server-side request forgery vulnerability. This...

CVSS 5.4 | AI score 5.9 | EPSS 0.00036
Exploits 0 | References 2
CNNVD
added 2026/03/16 12:0 a.m. | 3 views

easegen-admin code issue vulnerability

easegen-admin is a digital human course creation platform developed by Taofagi. There are code issues and vulnerabilities in easegen-admin, which stem from incorrect handling of the parameter 'url' in the PPTUtil.java file. This could lead to server-side request forgery...

CVSS 5.8 | AI score 5.9 | EPSS 0.00049
Exploits 0 | References 4
Positive Technologies
added 2026/03/16 12:0 a.m. | 4 views

PT-2026-25575

A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java. Performing a manipulation results in...

CVSS 7.5 | AI score 6.7 | EPSS 0.00057
Exploits 0 | References 4