Lucene search
K

4 matches found

OSV
OSV
added 2026/06/23 6:18 p.m.4 views

PYSEC-2026-241

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False....

7.6CVSS5.8AI score0.00193EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:16 p.m.9 views

CVE-2018-1000188

A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...

5.5CVSS6.6AI score0.00608EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/11/12 12:0 a.m.12 views

Matrix clients -- mxc uri validation in js sdk

matrix-js-sdk upstream reports: matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver...

5.3CVSS6.9AI score0.00835EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/03/14 8:37 p.m.32 views

Whoogle Search Server-Side Request Forgery vulnerability

Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method which sends a GET request on lines 339-343 in request.py, which leads to a server-side request...

9.8CVSS6.6AI score0.0098EPSS
Exploits1References9Affected Software1
Rows per page
Query Builder