14 matches found
CVE-2024-13971
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...
Lobster_pro code issue vulnerability
Lobsterpro is a middleware platform developed by the German company Lobster, used for enterprise data integration and process orchestration. Versions of Lobsterpro prior to 4.12.6-GA contained code vulnerabilities. These vulnerabilities stemmed from weaknesses in the XML parser’s functionality,...
CVE-2026-33705
CVE-2026-33705 affects Chamilo LMS. Prior to 1.11.38, Twig template files under /main/template/default/ were accessible without authentication via HTTP GET, exposing internal application logic, variable names, AJAX endpoint URLs, and admin panel structure. The issue is fixed in 1.11.38. Reported ...
Belden Hirschmann HiOS Switch Platform security vulnerability
The Belden Hirschmann HiOS Switch Platform is an industrial Ethernet switch operating system platform developed by the American company Belden. Versions prior to 09.4.05 and 10.3.01 of the Belden Hirschmann HiOS Switch Platform contained security vulnerabilities. These vulnerabilities stemmed fro...
CVE-2026-0932
Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allows an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...
CVE-2025-70147
Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information including plaintext password field values via direct HTTP GET requests to these endpoints without a valid session...
ObjectPlanet Opinio security vulnerability
ObjectPlanet Opinio is an online survey system from ObjectPlanet Norway. A security vulnerability exists in ObjectPlanet Opinio version 7.26 rev12562, which stems from a blind server-side request forgery in the survey import feature that could cause the server to execute an arbitrary HTTP GET...
CVE-2023-48790
A cross-site request forgery vulnerability (CWE-352) in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests...
PhpSpreadsheet security vulnerability
PhpSpreadsheet is an open source PHP library from PHPOffice for reading and writing spreadsheet files. A security vulnerability exists in PHPSpreadsheet. An attacker can exploit the vulnerability to read arbitrary files on the server and perform arbitrary HTTP GET requests...
Authorization Bypass
Overview: Microsoft.IdentityModel.Protocols.SignedHttpRequest is a package that includes types that provide support for the SignedHttpRequest protocol. Affected versions of this package are vulnerable to Authorization Bypass via the SignedHttpRequest protocol or the SignedHttpRequestValidator. The...
The vulnerability of the software for coordinating the operation of security systems and for managing real-time incident responses in Fortinet FortiSOAR is related to improper access control. This allows attackers to gain access to the API gateway.
The vulnerability of the software for coordinating the operation of security systems and for managing incident responses in real-time with Fortinet FortiSOAR is related to improper access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the...
CVE-2022-29061
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability (CWE-78) in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests...
CVE-2022-23443
An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests...
Simple-Get information disclosure vulnerability
Simple-Get is one of the simplest ways to make HTTP GET requests in the US. An information disclosure vulnerability exists in simple-get that stems from exposing sensitive information to unauthorized participants in NPM...