27 matches found
CVE-2026-7084
CVE-2026-7084 affects HBAI-Ltd Toonflow-app (up to 1.1.1). The issue is in the fetch of the file src/routes/setting/vendorConfig/getCodeByLink.ts via the getCodeByLink endpoint, where manipulating the Link parameter leads to server-side request forgery. It can be exploited remotely; an exploit is...
PT-2026-35350
A vulnerability was found in HBAI-Ltd Toonflow-app up to 1.1.1. This affects the function fetch of the file src/routes/setting/vendorConfig/getCodeByLink.ts of the component getCodeByLink Endpoint. The manipulation of the argument Link results in server-side request forgery. The attack may be...
PT-2026-35351
A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the...
PT-2026-35352
A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. Such manipulation of the argument url leads to path traversal. It is possible to launch the attack remotely. The...
Toonflow 路径遍历漏洞
Toonflow is an AI short story production platform developed by HBAI-Ltd. Versions of Toonflow prior to 1.1.1 contained a path traversal vulnerability. This vulnerability stemmed from the updateStoryboardUrl function in the Storyboard Export component, which improperly handled the url parameter,...
Toonflow 路径遍历漏洞
Toonflow is an AI short story production platform developed by HBAI-Ltd. Versions of Toonflow prior to 1.1.1 contained a path traversal vulnerability. This vulnerability stemmed from improper handling of the parameter url in the z.url function within the downloadApp.ts file in the downloadApp...
Toonflow 代码问题漏洞
Toonflow is an AI short story production platform developed by HBAI-Ltd. Versions of Toonflow prior to 1.1.1 contained code vulnerabilities. These vulnerabilities stemmed from improper handling of parameters Link in the fetch function of the src/routes/setting/vendorConfig/getCodeByLink.ts file i...