7338 matches found
CVE-2025-70042
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master...
Bytedesk 代码问题漏洞
Bytedesk is a multi-channel intelligent customer service platform developed by the individual developers of bytedesk.com. Versions of Bytedesk 1.3.9 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter apiUrl in the file...
CVE-2025-70042
Technical details are not publicly available in the provided documents. The sources only reiterate a CWE-918 Server-Side Request Forgery in oslabs-beta ThermaKube master without specifying affected versions, root cause specifics, or remediation. Monitor for updates.
IKEA Dirigera 代码问题漏洞
IKEA Dirigera is a smart home system gateway device developed by the Dutch company IKEA. Version IKEA Dirigera v2.866.4 contains a code vulnerability caused by server-side request forgery, which may lead to the disclosure of private keys through specially crafted requests...
CVE-2026-3789 Bytedesk SpringAIGiteeRestController SpringAIGiteeRestService.java getModels server-side request forgery
A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl...
CVE-2026-3788
CVE-2026-3788 affects Bytedesk up to version 1.3.9, specifically the SpringAIOpenrouterRestController/SpringAIOpenrouterRestService.getModels path. The root cause is manipulation of the apiUrl parameter in getModels inside source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/Sp...
CVE-2026-3788 Bytedesk SpringAIOpenrouterRestController SpringAIOpenrouterRestService.java getModels server-side request forgery
A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java of the component SpringAIOpenrouterRestController. Such manipulation of th...
CVE-2026-3788 Bytedesk SpringAIOpenrouterRestController SpringAIOpenrouterRestService.java getModels server-side request forgery
A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java of the component SpringAIOpenrouterRestController. Such manipulation of th...
CVE-2026-3788
A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java of the component SpringAIOpenrouterRestController. Such manipulation of th...
EUVD-2026-10253
A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the component Storage Management Module. The manipulation leads to server-side...
CVE-2026-3750
A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the component Storage Management Module. The manipulation leads to server-side...
CVE-2026-3750
A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the component Storage Management Module. The manipulation leads to server-side...
CVE-2026-3750 ContiNew Admin Storage Management S3ClientFactory.java URI.create server-side request forgery
A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the component Storage Management Module. The manipulation leads to server-side...
CVE-2026-3750
CVE-2026-3750 affects ContiNew Admin up to 4.2.0; the vulnerability lies in the function URI.create in continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the Storage Management Module, enabling server-side request forgery. The issue can be exploited remotely (...
CVE-2026-3750 ContiNew Admin Storage Management S3ClientFactory.java URI.create server-side request forgery
A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the component Storage Management Module. The manipulation leads to server-side...
CVE-2026-3733
A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The explo...
CVE-2026-3733
A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The explo...
CVE-2026-3733
CVE-2026-3733 affects xuxueli xxl-job up to 3.3.2. The vulnerability resides in an unspecified function within JobInfoController.java and enables server-side request forgery. The issue appears exploitable remotely, and public exploit code is available. Documentation describes an access control st...
CVE-2026-3733 xuxueli xxl-job JobInfoController.java server-side request forgery
A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The explo...
CVE-2026-3733 xuxueli xxl-job JobInfoController.java server-side request forgery
A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The explo...