Lucene search
405 matches found

RedhatCVE
added 2026/01/09 10:31 a.m. | 9 views

CVE-2017-18890

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request...

CVSS 4.3 | AI score 6.8 | EPSS 0.0077
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:53 a.m. | 10 views

CVE-2020-10574

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "querylogger" Admin API request, because of a typo in the JSON validation...

CVSS 9.8 | AI score 6.7 | EPSS 0.01231
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 8:46 a.m. | 7 views

CVE-2025-23202

Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The FetchVerse and FetchPassage functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vulnerability could allow an attacker to...

CVSS 10 | AI score 7.1 | EPSS 0.00375
Exploits: 0 | References: 1
Cvelist
added 2025/12/30 10:41 p.m. | 29 views

CVE-2023-54327 Tinycontrol LAN Controller 1.58a Authentication Bypass via Admin Password Change

Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls...

CVSS 9.8 | EPSS 0.00621
Exploits: 2 | References: 4
RedhatCVE
added 2025/12/20 5:12 p.m. | 11 views

CVE-2025-68477

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, an...

CVSS 7.7 | AI score 6.6 | EPSS 0.0576
Exploits: 1 | References: 1
Github Security Blog
added 2025/12/19 10:52 p.m. | 4 views

Langflow vulnerable to Server-Side Request Forgery

Vulnerability Overview Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, and then sends the request using a server-side httpx client. It does not block...

CVSS 7.7 | AI score 6.5 | EPSS 0.0576
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2025/12/19 4:43 p.m. | 21 views

CVE-2025-68477 Langflow vulnerable to Server-Side Request Forgery

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, an...

CVSS 7.7 | EPSS 0.0576
Exploits: 1 | References: 1
Vulnrichment
added 2025/12/19 4:43 p.m. | 1 views

CVE-2025-68477 Langflow vulnerable to Server-Side Request Forgery

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, an...

CVSS 7.7 | AI score 6.3 | EPSS 0.0576
Exploits: 1 | References: 1
Positive Technologies
added 2025/12/19 12:0 a.m. | 3 views

PT-2025-52496

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.7.0 Description Langflow is a tool for building and deploying AI-powered agents and workflows. The API Request component allows issuing arbitrary HTTP requests within a flow. Prior to version 1.7.0, the component...

CVSS 7.7 | AI score 6.3 | EPSS 0.0576
Exploits: 1 | References: 7
EUVD
added 2025/11/18 3:30 p.m. | 3 views

EUVD-2025-197994

The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fsapirequest function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 6.4 | AI score 5.4 | EPSS 0.00162
Exploits: 0 | References: 3
CVE
added 2025/11/18 1:54 p.m. | 16 views

CVE-2025-12376

CVE-2025-12376 relates to the WordPress plugin Icon List Block – Add Icon-Based Lists with Custom Styles. The vulnerability is a Server-Side Request Forgery (SSRF) arising from the plugin’s fs_api_request path, allowing authenticated attackers with Subscriber-level access and higher to trigger w...

CVSS 6.4 | AI score 5.4 | EPSS 0.00162
Exploits: 0 | References: 2
EUVD
added 2025/10/30 6:31 p.m. | 3 views

EUVD-2025-37028

Kanova Android App version 1.0.27 package name com.karelane, developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful...

CVSS 7.5 | AI score 6.5 | EPSS 0.00246
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-10463

Malware in sbrugna...

CVSS 6.5 | AI score 4.9 | EPSS 0.01274
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-24813

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.01079
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-12412

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.01696
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2015-7904

Malware in sbrugna...

CVSS 7.5 | AI score 8.6 | EPSS 0.02848
Exploits: 0 | References: 10
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-0096

Malware in sbrugna...

CVSS 6.5 | AI score 6.3 | EPSS 0.01927
Exploits: 0 | References: 14
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-21424

Malware in sbrugna...

CVSS 4.9 | AI score 5.1 | EPSS 0.00964
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-18707

Malware in sbrugna...

CVSS 5 | AI score 5 | EPSS 0.00747
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-14623

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.45596
Exploits: 1 | References: 6