13117 matches found
CVE-2026-56697
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass the script-protocol check but resolve to a cross-origin URL against the current page protocol. Attackers can inject paths like //evil.com to redirect...
CVE-2026-56698
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs through the open parameter to execute arbitrary scripts in the application's origin when...
CVE-2026-56698
Nuxt CVE-2026-56698 affects Nuxt 4.0.0–4.4.6 and 3.x up to 3.21.6 (versions before the fixed releases). The navigateTo open option fails to validate script-capable URLs, allowing attacker-controlled javascript: URLs to execute arbitrary scripts in the application's origin when user input is passe...
EUVD-2026-38366
Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reac...
EUVD-2026-11599
OpenCTI has Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature...
CVE-2026-9610
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls...
CVE-2026-46417 Angular: SSRF via Hostname Hijacking in @angular/platform-server
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server. The issue stems from how...
CVE-2026-46417
CVE-2026-46417 describes a Server-Side Request Forgery (SSRF) in @angular/platform-server caused by how the SSR engine processes absolute-form URLs. When such a URL is passed to the rendering entry points, internal ServerPlatformLocation can be coerced to use the attacker-controlled domain as the...
CVE-2026-50168
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints an...
CVE-2026-56394
creationtimestamp| type| source ---|---|--- 2026-06-22 01:30:29+00:00| seen| https://infosec.exchange/users/offseq/statuses/116791170039431358 2026-06-22 01:30:30+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3motqfb5ttb2g...
EUVD-2026-38131
AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbitrary URLs via the statsURL parameter, which lacks isSSRFSafeURL validation and accepts requests to private IP ranges and cloud metadata...
Astra Linux – Vulnerability in Thunderbird, Firefox
Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log did not account for external URLs. As a result, data could potentially be exfiltrated from the browser. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird...
Astra Linux – Vulnerability in jsoup
jsoup is a Java HTML parser designed for HTML editing, cleaning, scraping, and XSS Cross-Site Scripting protection. However, jsoup may incorrectly sanitize HTML containing javascript: URLs, which could allow XSS attacks when a user clicks on those links. If the non-default...
Astra Linux – Vulnerability in Composer
Composer is a dependency manager for PHP. The URLs for Mercurial repositories in the composer.json file at the root level, as well as the source download URLs, are not sanified correctly. Specifically crafted URL values allow code to be executed via the HgDriver if hg/Mercurial is installed on th...
Astra Linux – Vulnerability in Python 3.7, Python 2.7
A issue in the urllib.parse component of Python prior to version 3.11.4 allows attackers to bypass blocklisting methods by providing a URL that starts with blank characters...
CVE-2026-54130
creationtimestamp| type| source ---|---|--- 2026-06-19 00:00:40+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3molzxtvyh42l 2026-06-19 00:00:44+00:00| seen| https://infosec.exchange/users/offseq/statuses/116773829826207617 2026-06-19 01:19:07+00:00| seen|...
[Eclipse Theia] Data Exfiltration via Markdown Image Rendering in AI Chat
In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
TinaCMS rich-text (slatejson) rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes
TinaCMS rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant, whitespace-padded, and control-character-obfuscated forms — is rendered into href/src and execut...