
5 matches found

Github Security Blog
added 2026/06/17 2:8 p.m., 12 views

NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint

Summary: The spreadsheet-import endpoint axiosRequestMake could be used as a generic HTTP proxy. Before the fix it was reachable unauthenticated, and its URL-extension allowlist was a regex tested against the full URL string, so URLs whose query string ended in .csv for example...

CVSS 6.9, AI score 5.3, EPSS 0.00295
Exploits 0, References 2, Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2006-1395

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.0208
Exploits 0, References 13
SUSE CVE
added 2024/06/12 3:20 a.m., 3 views

SUSE CVE-2024-5692

On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as .url by including an invalid character in the extension. Note: This issue only affected Windows operating systems. Other operating systems are...

CVSS 6.5, AI score 6.3, EPSS 0.0062
Exploits 1, References 9
Positive Technologies
added 2024/02/26 12:0 a.m., 3 views

PT-2024-1967 · D Link · D-Link Dir-823G

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G version A1V1.0.2B05
Description: The issue is related to a function sub 4110f4 in the D-Link DIR-823G router's firmware, which contains errors in handling URL addresses with certain extensions, such as html, .asp, .php, or...

CVSS 9, AI score 7.3, EPSS 0.00427
Exploits 1, References 8
Prion
added 2006/03/25 12:6 a.m., 18 views

Code injection

The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Server 2.7.2 allows remote attackers to obtain the source code of ASP files via (1) . (dot) and (2) space characters in the extension of a URL...

CVSS 5, AI score 7.3, EPSS 0.0208
Exploits 0, References 12, Affected Software 2