92 matches found
CVE-2026-22794 Account Takeover Vulnerability in Appsmith
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in emails can be...
CVE-2025-12245
A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin validation error. Remote exploitation of th...
Chatwoot access control error vulnerability
Chatwoot is an open source customer engagement suite, an open source alternative to Intercom, Zendesk, Salesforce Service Cloud, and more. An access control error vulnerability exists in Chatwoot version 4.7.0 and earlier, which stems from an origin validation error due to...
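The Appsmith and Chatwoot entries above are two sides of one rule: an origin that arrives at run time (the Origin request header on the server, event.origin in a browser message listener) is trusted only after an exact match against a configured value, never taken as-is and never matched by prefix. The following is an added example written for this listing; it is not code from Appsmith or Chatwoot, and the function names, config fields, sample request and sample origins are all hypothetical or constructed.

```javascript
// Added example, not Appsmith's or Chatwoot's code. Function names, config
// fields and sample inputs are hypothetical / constructed.

// Reduce an arbitrary string to a canonical http(s) origin, or null.
// new URL() lowercases the host and drops default ports, so
// "https://APP.example.com:443/x" and "https://app.example.com" compare equal.
function normalizeOrigin(value) {
  let url;
  try {
    url = new URL(String(value));
  } catch {
    return null; // not an absolute URL: covers undefined, "" and the literal "null"
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  return url.origin;
}

// Server side, the pattern the Appsmith entry describes: the e-mail link base
// is whatever the client sent in Origin, so the attacker's host ends up in the
// victim's password reset mail.
function buildResetLinkVulnerable(req, token) {
  return `${req.headers.origin}/user/resetPassword?token=${encodeURIComponent(token)}`;
}

// Hardened: Origin may only select between configured origins; anything else,
// including a missing or opaque ("null") header, falls back to the primary one.
function buildResetLink(req, token, config) {
  const allowed = new Set(config.allowedOrigins.map(normalizeOrigin));
  const requested = normalizeOrigin(req.headers.origin);
  const base = requested !== null && allowed.has(requested)
    ? requested
    : normalizeOrigin(config.primaryOrigin);
  return `${base}/user/resetPassword?token=${encodeURIComponent(token)}`;
}

// Browser side, a listener for a widget served from baseUrl. The prefix check
// is the kind of origin validation that fails: it accepts
// "https://chat.example.com.attacker.example" and rejects the legitimate
// origin as soon as baseUrl carries a path.
function isTrustedMessageWeak(baseUrl, event) {
  return typeof event.origin === "string" && event.origin.startsWith(baseUrl);
}

// Exact comparison against the canonical origin of the configured base URL.
function isTrustedMessage(baseUrl, event) {
  const expected = normalizeOrigin(baseUrl);
  return expected !== null && event.origin === expected;
}

// Constructed sample inputs.
const sampleConfig = {
  primaryOrigin: "https://app.example.com",
  allowedOrigins: ["https://app.example.com", "https://APP.example.com:443/"],
};
const spoofedRequest = { headers: { origin: "https://attacker.example" } };
console.log(buildResetLinkVulnerable(spoofedRequest, "t0k3n")); // attacker-hosted link
console.log(buildResetLink(spoofedRequest, "t0k3n", sampleConfig)); // configured origin
console.log(isTrustedMessageWeak("https://chat.example.com",
  { origin: "https://chat.example.com.attacker.example" })); // true
console.log(isTrustedMessage("https://chat.example.com",
  { origin: "https://chat.example.com.attacker.example" })); // false
```

When only one host is legitimate, drop the allowlist entirely and build links from the configured primary origin; the Origin header then plays no part in link construction at all.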
EUVD-2008-1125
Malware in sbrugna...
CVE-2025-11286
A vulnerability was determined in samanhappy MCPHub up to 0.9.10. This affects an unknown part of the file src/controllers/serverController.ts of the component MCPRouter Service. This manipulation of the argument baseUrl causes server-side request forgery. The attack may be initiated remotely. Th...
MCPHub security vulnerability
MCPHub is an MCP server management tool by the individual developer samanhappy. A security vulnerability exists in MCPHub version 0.9.10 and earlier, which stems from incorrect handling of the parameter baseUrl in the file src/controllers/serverController.ts and could lead to server-side...
CVE-2025-11046 Tencent WeKnora test testEmbeddingModel server-side request forgery
A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been...
CVE-2025-11046
CVE-2025-11046 affects Tencent WeKnora 0.1.0. The vulnerability resides in the testEmbeddingModel function under /api/v1/initialization/embedding/test, where manipulating the baseUrl argument can trigger server-side request forgery (SSRF) and may be exploited remotely. The exploit has been releas...
PT-2025-39691
Name of the Vulnerable Software and Affected Versions: Tencent WeKnora version 0.1.0. Description: A security flaw exists in Tencent WeKnora version 0.1.0. The testEmbeddingModel function within the /api/v1/initialization/embedding/test file is susceptible to server-side request forgery. Manipulatio...
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
Summary: A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery). Reference: axios/axios#6463. A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if...
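The mechanism behind the axios entry above is URL resolution, not anything specific to axios: when a client is created with a baseURL and default headers that carry a credential, a caller-controlled request path that is an absolute URL (or a protocol-relative one) replaces the base host entirely, and the credential travels to whatever host was supplied. The block below is an added example written for this listing, not axios code; it models the client as a plain object and uses WHATWG resolution (new URL(path, base)), which follows the same rule for absolute and protocol-relative inputs and additionally treats a leading backslash pair like slashes for http(s). Names and the token are hypothetical or constructed.

```javascript
// Added example, not axios code. The "client" is a constructed stand-in for
// an HTTP client instance with a baseURL and default headers.

// Naive planning: resolve whatever was passed and attach the instance headers.
function planRequestNaive(client, requestPath) {
  const url = new URL(requestPath, client.baseURL);
  return { ok: true, url: url.href, headers: { ...client.headers } };
}

// Hardened planning: resolve, then refuse anything that left the base origin.
// Credentials are attached only after the target has been checked.
function planRequestSafe(client, requestPath) {
  const base = new URL(client.baseURL);
  let url;
  try {
    url = new URL(requestPath, base);
  } catch {
    return { ok: false, reason: "unparseable request path" };
  }
  if (url.origin !== base.origin) {
    return { ok: false, reason: `refusing to send instance credentials to ${url.origin}` };
  }
  return { ok: true, url: url.href, headers: { ...client.headers } };
}

// Constructed client: think of a client created with { baseURL, headers }.
const sampleClient = {
  baseURL: "https://api.example.com/v1/",
  headers: { Authorization: "Bearer constructed-token-not-real" },
};

// A relative path stays on the base; the other three all resolve to the
// attacker's host, and the naive planner would send the Authorization header there.
for (const p of [
  "users/42",
  "https://attacker.example/collect",
  "//attacker.example/collect",
  "\\\\attacker.example/collect",
]) {
  console.log(JSON.stringify(p), "naive:", planRequestNaive(sampleClient, p).url,
    "safe:", planRequestSafe(sampleClient, p).ok);
}
```

The origin check is deliberately strict about scheme as well as host: "http://api.example.com/v1/users" is refused against an https base, because a downgrade would expose the same credential on the wire.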
MAL-2024-7608 Malicious code in sap-baseurl (npm)
Source: ossf-package-analysis 94e35034940640f4b3a25bc095af6e9194ed1465fd0ac61abc95de728a350b8b. The OpenSSF Package Analysis project identified 'sap-baseurl' @ 0.0.0 (npm) as malicious. It is considered malicious because: - The package...
[SECURITY] [DLA 3486-1] ocsinventory-server update for php-cas
Debian LTS Advisory DLA-3486-1 https://www.debian.org/lts/security/ Tobias Frost, July 08, 2023 https://wiki.debian.org/LTS Package: ocsinventory-server Version: 2.5+dfsg1-1+deb10u1 CVE ID: n/a Debian Bug: (none listed) The source package ocsinventory-server, a Hardware and...
PT-2022-11659 · Webdetails · Webdetails Cpf
Name of the Vulnerable Software and Affected Versions: Webdetails cpf versions up to 9.5.0.0-80. Description: A vulnerability has been found in Webdetails cpf, where the manipulation of the baseUrl argument leads to cross-site scripting. This issue can be exploited remotely. Recommendations: For...
Design/Logic Flaw
next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...
Leaked admin credentials via Insight object import
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated users to see admin credentials via an information disclosure vulnerability in the <BaseUrl>/rest/insight/1.0/import/module/test/rlabs-import-type-json?objectSchemaId= endpoint. The affected versions a...