51 matches found
CVE-2026-3327
Authenticated Iframe Injection in DatoCMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...
CVE-2026-3327
This CVE concerns the DatoCMS Web Previews plugin, where an authenticated user can perform an iframe injection by bypassing the frontend URL restriction. The root cause is insecure handling of embedded resources in the Web Previews feature, affecting versions earlier than 1.0.31. Impact is the...
EUVD-2015-4231
Malware in sbrugna...
EUVD-2015-0596
Malware in sbrugna...
EUVD-2007-0189
Malware in sbrugna...
EUVD-2022-24699
Malicious code in bioql PyPI...
Grafana Infinity Datasource Plugin SSRF Vulnerability
Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...
CVE-2025-8341
Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...
CVE-2012-2632
SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 through 3.75, and SEIL/B1 2.30 through 3.75, when the http-proxy and application-gateway features are enabled, do not properly handle the CONNECT command, which allows remote attackers to bypass intende...
PT-2024-10784 · Extreme Networks · Extreme Networks Exos
Name of the Vulnerable Software and Affected Versions: Extreme Networks EXOS versions prior to 22.7; Extreme Networks EXOS versions prior to 30.2. Description: The issue is related to the Web GUI of Extreme Networks EXOS, which fails to restrict URL access. This allows attackers to access sensitive...
CVE-2023-50935
IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115...
Open Redirect
silverstripe/framework is vulnerable to Open Redirect. The vulnerability exists due to the lack of a validated URL restriction in the pregmatch parameter of Director.php, which allows an attacker to redirect a user to a malicious URL...
CVE-2023-26406 ZDI-CAN-20712: Net.HTTP.request URL restriction bypass
Adobe Acrobat Reader versions 23.001.20093 and earlier and 20.005.30441 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must...
SUSE CVE-2022-1379
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server-side request forgery (SSRF). This allows accessing restricted internal resources/servers or...
GHSA-R5W3-PFQ8-3R82 Jenkins SAML Plugin allows bypassing CSRF protection for any URL
An extension point in Jenkins allows selectively disabling cross-site request forgery (CSRF) protection for specific URLs. SAML Plugin implements this extension point for the URL that users are redirected to after login. In Jenkins SAML Plugin 2.0.7 and earlier this implementation is too permissive...
CVE-2022-1379
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server-side request forgery (SSRF). This allows accessing restricted internal resources/servers or...
UBUNTU-CVE-2022-1379
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server-side request forgery (SSRF). This allows accessing restricted internal resources/servers or...
CVE-2022-1379
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server-side request forgery (SSRF). This allows accessing restricted internal resources/servers or...
Server-side request forgery (SSRF)
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server-side request forgery (SSRF). This allows accessing restricted internal resources/servers or...
CVE-2022-1379
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server-side request forgery (SSRF). This allows accessing restricted internal resources/servers or...