CVE-2026-5469

CVE-2026-5469 affects Casdoor version 2.356.0, specifically the Webhook URL Handler component. A crafted manipulation can induce a server-side request forgery (SSRF) and is reportable remotely. The vulnerability involves unknown code within the Webhook URL Handler and, per disclosures, the vendor...

PT-2026-30049

A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not...

CVE-2026-5016

A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the component URL Handler. Such manipulation of the argument req leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly availabl...

CVE-2026-5016 elecV2 elecV2P URL mock eAxios server-side request forgery

A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the component URL Handler. Such manipulation of the argument req leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly availabl...

elecV2P 代码问题漏洞

elecV2P is a network request modification and scheduled task tool developed by the elecV2 individual developer. Versions of elecV2P 3.8.3 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of parameters req in the eAxios function within the component’s URL...

Server-side Request Forgery (SSRF)

Overview letta is a Create LLM agents with long-term memory and custom tools Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the convertmessagecreatetomessage function in the File URL Handler component when processing the ImageContent argument. An attacker...

CVE-2026-4964

A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function convertmessagecreatetomessage of the file letta/helpers/messagehelper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request...

CVE-2026-3610

CVE-2026-3610 affects HSC Cybersecurity Mailinspector (up to 5.3.2-3). The issue is in the URL Handler’s file /mailinspector/mliUserValidation.php, where manipulating the argument error_description leads to a cross-site scripting vulnerability. The attack can be performed remotely; exploit public...

CVE-2026-21853 AFFiNE: One-click Remote Code Execution through Custom URL Handling

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in tw...

PT-2026-22689

Name of the Vulnerable Software and Affected Versions AFFiNE versions prior to 0.25.4 Description AFFiNE is an open-source workspace and operating system. Versions prior to 0.25.4 contain a one-click remote code execution issue. An attacker can exploit this by embedding a specially crafted affine...

CVE-2026-3163

A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function filegetcontents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed ...

CVE-2026-3163

A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function filegetcontents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed ...

CVE-2026-3163

A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function filegetcontents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed ...

CVE-2026-3163

CVE-2026-3163 affects SourceCodester Website Link Extractor 1.0, with a vulnerability in the URL Handler’s file_get_contents that enables server-side request forgery. The issue can be triggered remotely, and disclosures/public exploitation have been reported in the provided documents. No remediat...

PT-2026-21874

A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file get contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclose...

SourceCodester Website Link Extractor 代码问题漏洞

SourceCodester Website Link Extractor is an open-source website link extractor developed by SourceCodester. Version 1.0 of SourceCodester Website Link Extractor has code-related vulnerabilities; these vulnerabilities stem from issues with the filegetcontents function in the URL Handler component,...

CVE-2026-2940

A vulnerability was determined in Zaher1307 tinywebserver up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. This affects the function tinywebserver/tiny.c of the file tinywebserver/tiny.c of the component URL Handler. This manipulation causes out-of-bounds write. The attack can be initiated remotel...

CVE-2026-2940

The CVE-2026-2940 entry concerns Zaher1307’s tiny_web_server, specifically the URL Handler implemented in tiny_web_server/tiny.c. The vulnerability is an out-of-bounds write in a function within tiny.c that is reachable via a remote attack. Public exploit details are noted, and the product uses o...

CVE-2026-2940 Zaher1307 tiny_web_server URL tiny.c out-of-bounds write

A vulnerability was determined in Zaher1307 tinywebserver up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. This affects the function tinywebserver/tiny.c of the file tinywebserver/tiny.c of the component URL Handler. This manipulation causes out-of-bounds write. The attack can be initiated remotel...

CVE-2026-2940

A vulnerability was determined in Zaher1307 tinywebserver up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. This affects the function tinywebserver/tiny.c of the file tinywebserver/tiny.c of the component URL Handler. This manipulation causes out-of-bounds write. The attack can be initiated remotel...