Lucene search
+L

10 matches found

CVE
CVE
added 3 days ago7 views

CVE-2026-45806

Penpot before 2.15.0 vulnerable to authenticated SSRF in remote image import. The flow passes a user-controlled URL from frontend to the backend RPC method create-file-media-object-from-url, where media/download-image uses a shared HTTP client without destination filtering, allowing an authentica...

7.7CVSS6.2AI score0.00354EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/13 8:3 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...

9.3CVSS5.9AI score0.00258EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2026/02/02 12:0 a.m.2 views

Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2026-1151)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS5.4AI score0.0111EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/10 7:34 p.m.5 views

CVE-2025-61925 Astro's `X-Forwarded-Host` is reflected with no validation

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such as malicious reque...

6.5CVSS6.6AI score0.0038EPSS
Exploits1References2
Snyk
Snyk
added 2025/05/28 7:41 a.m.3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation when wolfSSL is used as the TLS backend for QUIC. An attacker can impersonate a legitimate server or perform a man-in-the-middle attack by exploiting a skipped certificate verification. Note: The skip of...

6.9CVSS6.8AI score0.00248EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/10/04 12:0 a.m.5 views

WideStand CMS Cross-Site Scripting Vulnerability

WideStand CMS is a content management system from WideStand, Inc. A cross-site scripting vulnerability exists in WideStand CMS versions prior to 5.3.5 that stems from the direct use of the query's URL content to generate one of the meta tags, which would allow an attacker to inject HTML/Javascrip...

6.1CVSS6.3AI score0.00309EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/11/03 2:55 p.m.7 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS7.4AI score0.63211EPSS
Exploits3References5
Positive Technologies
Positive Technologies
added 2022/09/09 12:0 a.m.9 views

PT-2022-6098 · Pdfkit · Pdfkit

Name of the Vulnerable Software and Affected Versions: pdfkit versions 0.0.0 through 0.8.7.2 Description: The issue is related to insufficient argument checking in the pdfkit library, which can be exploited by a remote attacker to execute arbitrary commands. This is a Command Injection...

9.8CVSS9.6AI score0.39389EPSS
Exploits11References40
Citrix
Citrix
added 2018/06/14 12:0 a.m.8 views

Error: "Cannot Complete Your Request" Due to Incorrect Citrix Gateway URL Usage

The following error is displayed due to incorrect Citrix Gateway URL usage: Cannot Complete Your Request...

7AI score
Exploits0
seebug.org
seebug.org
added 2007/04/17 12:0 a.m.43 views

PunBB 1.2.14 Remote Code Execution Exploit

No description provided by source. !/usr/bin/php URL: http://www.acid-root.new.fr/ ----------------------------------------------------------------------- Usage: $argv0 -url -usr -pwd Options Params: -url For example http://victim.com/punBB/ -usr User account 1 post at least -pwd Password account...

7.1AI score
Exploits0
Rows per page
Query Builder