17 matches found
CVE-2026-8081
A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...
CVE-2026-8081 router-for-me CLIProxyAPI api_tools.go server-side request forgery
A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...
Attacking the MCP Trust Boundary
Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol (MCP), the fast-growing standard for connecting AI agents to external services, inherits that gap...
WeRSS Path Traversal Vulnerability
WeRSS is a WeChat official account system developed by Rachel. WeRSS versions 1.4.8 and earlier contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter filename in the downloadexportfile function within the file apis/tools.py, which could...
CVE-2025-52024
A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...
CVE-2025-52024
A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...
@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=3.3.0 <=6.0.0) +3 more potentially affected by unknown CVE via @asyncapi/problem (=1.0.0)
@asyncapi/problem NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/problem and may be impacted: - @asyncapi-actions-test/trusted-publishing-testasyncapi-cli =4.1.3, =3.3.0, =0.16.0, =1.4.14, =1.4.39 -...
@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=1.12.0 <=6.0.0) +2 more potentially affected by unknown CVE via @asyncapi/optimizer (=1.0.4)
@asyncapi/optimizer NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/optimizer and may be impacted: - @asyncapi-actions-test/trusted-publishing-testasyncapi-cli =4.1.3, =1.12.0, =1.4.14, =1.4.39 -...
Jenkins plugin Sensedia Api Platform tools Security Vulnerability
Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is application software. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...
MAL-2024-1165 Malicious code in pt-api-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 78627b7277f79f6b0febc6c2efde348085a7bf7363ebc2986ac5d3e2ce2329d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pt-api-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 78627b7277f79f6b0febc6c2efde348085a7bf7363ebc2986ac5d3e2ce2329d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
[SECURITY] Fedora 36 Update: golang-github-googleapis-gnostic-0.5.3-7.fc36
This package contains a Go command line tool which converts JSON and YAML OpenAPI descriptions to and from equivalent Protocol Buffer representations. Protocol Buffers provide a language-neutral, platform-neutral, extensible mechanism for serializing structured data. gnostic's Protocol Buffer...
[SECURITY] Fedora 36 Update: golang-github-googleapis-gnostic-0.5.3-6.fc36
This package contains a Go command line tool which converts JSON and YAML OpenAPI descriptions to and from equivalent Protocol Buffer representations. Protocol Buffers provide a language-neutral, platform-neutral, extensible mechanism for serializing structured data. gnostic's Protocol Buffer...
Kicking off Developer Day 2020
Developer Day 2020 kicks off today with seven on-demand sessions for more than 2,600 registrants. This is the first time Developer Day has been held in a virtual setting and the VMware Carbon Black team is excited to welcome the largest group of developers we have ever had in attendance. With eig...
XSS vectors in laminas-api-tools/api-tools
The package laminas-api-tools/api-tools bundles a number of JavaScript assets for purposes of providing an administration GUI and/or landing page. Some of these assets had reported XSS (cross-site scripting) vulnerabilities: Affected versions laminas-api-tools/api-tools versions prior to 1.4.1. Acti...
CVE-2012-5817
Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof...
CVE-2012-5781
The CVE-2012-5781 entry concerns Amazon Elastic Load Balancing API Tools failing to verify that the server hostname matches the CN/subjectAltName in the X.509 certificate, enabling potential MITM via an arbitrary valid certificate. The root cause is improper hostname verification, related to over...