Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the url parameter in the /api/templates/fetch endpoint, which performs a server-side HTTP GET request without authentication or validation of the URL scheme or host. An attacker can access internal...

CVE-2026-40242

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET request to that URL without authentication and without URL scheme or host validation...

arcane 代码问题漏洞

Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane prior to 1.17.3 contained code vulnerabilities. These vulnerabilities stemmed from the /api/templates/fetch endpoint, which accepted URL parameters provided by callers and processed HTTP GET requests witho...

UBUNTU-CVE-2018-25045

Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...

PT-2021-19211 · Grafana · Grafana Enterprise Metrics +1

Name of the Vulnerable Software and Affected Versions: Grafana Enterprise Metrics versions prior to 1.2.1 Metrics Enterprise version 1.2.1 Description: The issue allows for local file disclosure when the experimental.alertmanager.enable-api is used. The HTTP basic auth password file can be...