CVE-2026-7412
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...
PT-2026-27237
OpenClaw before 2026.3.2 contains a symlink traversal vulnerability in stageSandboxMedia that allows attackers to overwrite files outside the sandbox workspace. Attackers can exploit unvalidated destination paths in media/inbound writes to follow symlinks and overwrite host files beyond intended...
CVE-2025-9821
CVE-2025-9821 relates to Mautic’s webhook feature, where the destination of webhooks is not validated, enabling SSRF when a user with webhook permissions can view webhook logs. This can allow bypassing firewalls to reach internal services and may disclose partial response data. Exploitation d...
PT-2025-35709
Name of the Vulnerable Software and Affected Versions: versions not specified. Description: Users with webhook permissions can conduct Server-Side Request Forgery (SSRF) via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed. This allows...
CVE-2020-36845
The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL...