26 matches found

EUVD
added 2026/05/07 6:30 p.m. · 5 views

EUVD-2026-28403

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

6.5 CVSS · 5.3 AI score · 0.00035 EPSS
Exploits: 0 · References: 5

NVD
added 2026/04/28 7:16 a.m. · 0 views

CVE-2026-7234

A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/componentserver/server.js. Executing a manipulation of the argument request.url can lead to path traversal. The attack can be launched remotely. The exploit...

7.5 CVSS · 0.00066 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2026/04/20 12:0 a.m. · 1 views

PT-2026-33712

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function process audio block of the file src/agentscope/agent/ agent base.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the...

7.5 CVSS · 5.4 AI score · 0.00054 EPSS
Exploits: 0 · References: 7

NVD
added 2026/04/03 4:16 p.m. · 0 views

CVE-2026-5470

A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protoc...

6.5 CVSS · 0.00043 EPSS
Exploits: 0 · References: 4

CNNVD
added 2026/03/31 12:0 a.m. · 2 views

Parse Server Security Vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.67 and 9.7.0-alpha.11. These vulnerabilities stemmed from a flaw where attackers could...

9.1 CVSS · 5.8 AI score · 0.00041 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2026/03/19 12:0 a.m. · 2 views

PT-2026-26341

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.3.0-latest.1; Discourse versions prior to 2026.2.1; Discourse versions prior to 2026.1.2. Description: Discourse is an open source discussion platform. Insufficient cleanup in the default Codepen allowed iframes...

5.4 CVSS · 5.9 AI score · 0.00056 EPSS
Exploits: 0 · References: 7

NVD
added 2026/03/16 11:16 p.m. · 1 views

CVE-2026-4284

A vulnerability was determined in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. This issue affects the function downloadFile of the file - yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/PPTUtil.java of th...

5.8 CVSS · 0.00049 EPSS
Exploits: 0 · References: 4

OSV
added 2026/02/12 7:15 a.m. · 3 views

CVE-2025-15577

An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access. This issue affects Valmet DNA Web Tools: C2022 and older...

7.5 CVSS · 5.9 AI score · 0.00049 EPSS
Exploits: 0 · References: 1

ATTACKERKB
added 2026/02/12 6:4 a.m. · 3 views

CVE-2025-15577

An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access. This issue affects Valmet DNA Web Tools: C2022 and older...

9.2 CVSS · 5.7 AI score · 0.00049 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2026/02/12 6:4 a.m. · 3 views

CVE-2025-15577 Valmet DNA Web server arbitrary file read access

An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access. This issue affects Valmet DNA Web Tools: C2022 and older...

9.2 CVSS · 5.7 AI score · 0.00049 EPSS
Exploits: 0 · References: 1

CVE
added 2026/02/12 6:4 a.m. · 10 views

CVE-2025-15577

CVE-2025-15577 : An unauthenticated attacker can exploit a URL manipulation vulnerability to achieve arbitrary file read on Valmet DNA Web Tools: C2022 and older. The CVE is rated CRITICAL (CVSSv4.0: AV:N/AC:L/PR:N/UI:N/S:U/VI:N/VC:H/VS:N/VA:N/AT:N/AC:H/E:P) with network access, low complexity, a...

9.2 CVSS · 5.7 AI score · 0.00049 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Veracode
added 2025/11/28 4:36 a.m. · 3 views

Use Of Externally-Controlled Input To Select Classes Or Code ('Unsafe Reflection')

Astro is vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection'. The vulnerability is due to Astro reflecting the unvalidated X-Forwarded-Host header in Astro.url, which allows an attacker to supply a malicious header value that can manipulate generated...

6.5 CVSS · 7 AI score · 0.00057 EPSS
Exploits: 1 · References: 4 · Affected Software: 2

Snyk
added 2025/10/08 7:41 p.m. · 2 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization. An attacker can gain unauthorized access to restricted organization or application editing interfaces by manipulating URLs after authentication. Remediation: Upgrade github.com/casdoor/casdoor/authz to version...

8.6 CVSS · 7 AI score · 0.00112 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/09/21 2:32 a.m. · 7 views

CVE-2025-10760 Harness lookup_repo.go LookupRepo server-side request forgery

A flaw has been found in Harness 3.3.0. This impacts the function LookupRepo of the file app/api/controller/gitspace/lookuprepo.go. Executing manipulation of the argument url can lead to server-side request forgery. The attack may be launched remotely. The exploit has been published and may be...

6.5 CVSS · 0.00052 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2025/09/15 12:0 a.m. · 2 views

PT-2025-37724

Name of the Vulnerable Software and Affected Versions: ZKEACMS version 4.3 Description: A vulnerability exists in ZKEACMS that allows for server-side request forgery. The issue is located in the Proxy function within the src/ZKEACMS/Controllers/MediaController.cs file. Manipulation of the url...

6.5 CVSS · 6.3 AI score · 0.00083 EPSS
Exploits: 0 · References: 9

CNNVD
added 2025/08/04 12:0 a.m. · 3 views

Vvveb Access Control Error Vulnerability

Vvveb is a powerful and easy-to-use CMS from Givan Individual Developers for building websites, blogs or e-commerce stores. An access control error vulnerability exists in Vvveb version 1.0.5 and earlier, which stems from incorrect manipulation of the parameter url leading to information disclosu...

5.1 CVSS · 4 AI score · 0.00298 EPSS
Exploits: 1 · References: 8

CNNVD
added 2025/02/18 12:0 a.m. · 1 views

NETGEAR DGN2200 Security Vulnerability

The NETGEAR DGN2200 is a wireless router from NETGEAR. The NETGEAR DGN2200 is vulnerable to a privilege issue. An attacker can exploit the vulnerability by adding "?x=1.gif" to the requested URL to be recognized as authenticated...

8.8 CVSS · 6.8 AI score · 0.5027 EPSS
Exploits: 1 · References: 3

CNNVD
added 2024/02/13 12:0 a.m. · 1 views

SAP Fiori Security Breach

SAP Fiori, a user experience UX design system for SAP applications from SAP, Germany, provides designers and developers with a set of tools and guidelines to quickly develop applications for any platform, delivering a consistent, innovative experience for creators and users. A security...

4.3 CVSS · 6.5 AI score · 0.00153 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2022/12/31 12:0 a.m. · 2 views

PT-2022-8021 · Unknown · Exciting Printer

Name of the Vulnerable Software and Affected Versions: Exciting Printer affected versions not specified Description: A critical issue affects the Argument Handler component, specifically the file lib/printer/jobs/prepare page.rb, where the manipulation of the URL argument leads to command...

9.8 CVSS · 6.4 AI score · 0.05975 EPSS
Exploits: 0 · References: 9

OSV
added 2022/09/05 7:15 a.m. · 0 views

UBUNTU-CVE-2022-39049

An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS...

4.8 CVSS · 5.9 AI score · 0.01079 EPSS
Exploits: 0 · References: 3