94 matches found
CVE-2022-50899 Geonetwork 4.2.0 - XML External Entity (XXE)
Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...
CVE-2026-22794 Account Takeover Vulnerability in Appsmith
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in emails can be...
CVE-2026-22794 Account Takeover Vulnerability in Appsmith
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in emails can be...
CVE-2025-12245
A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin validation error. Remote exploitation of th...
CVE-2025-12245 chatwoot Widget IFrameHelper.js initPostMessageCommunication origin validation
A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin validation error. Remote exploitation of th...
CVE-2025-12245 chatwoot Widget IFrameHelper.js initPostMessageCommunication origin validation
A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin validation error. Remote exploitation of th...
Chatwoot 访问控制错误漏洞
Chatwoot is a Chatwoot open source application. Customer Engagement Suite, an open source alternative to Intercom, Zendesk, Salesforce Service Cloud, and more. An access control error vulnerability exists in Chatwoot version 4.7.0 and earlier, which stems from a source validation error due to...
EUVD-2008-1125
Malware in sbrugna...
CVE-2025-11286
A vulnerability was determined in samanhappy MCPHub up to 0.9.10. This affects an unknown part of the file src/controllers/serverController.ts of the component MCPRouter Service. This manipulation of the argument baseUrl causes server-side request forgery. The attack may be initiated remotely. Th...
CVE-2025-11286 samanhappy MCPHub MCPRouter Service serverController.ts server-side request forgery
A vulnerability was determined in samanhappy MCPHub up to 0.9.10. This affects an unknown part of the file src/controllers/serverController.ts of the component MCPRouter Service. This manipulation of the argument baseUrl causes server-side request forgery. The attack may be initiated remotely. Th...
CVE-2025-11286 samanhappy MCPHub MCPRouter Service serverController.ts server-side request forgery
A vulnerability was determined in samanhappy MCPHub up to 0.9.10. This affects an unknown part of the file src/controllers/serverController.ts of the component MCPRouter Service. This manipulation of the argument baseUrl causes server-side request forgery. The attack may be initiated remotely. Th...
MCPHub 安全漏洞
MCPHub is an MCP server management tool by samanhappy individual developer. A security vulnerability exists in MCPHub version 0.9.10 and earlier, which stems from the incorrect manipulation of the parameter baseUrl in the file src/controllers/serverController.ts, which could lead to server-side...
CVE-2025-11046
CVE-2025-11046 affects Tencent WeKnora 0.1.0. The vulnerability resides in the testEmbeddingModel function under /api/v1/initialization/embedding/test, where manipulating the baseUrl argument can trigger server-side request forgery (SSRF) and may be exploited remotely. The exploit has been releas...
CVE-2025-11046 Tencent WeKnora test testEmbeddingModel server-side request forgery
A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been...
PT-2025-39691
Name of the Vulnerable Software and Affected Versions Tencent WeKnora version 0.1.0 Description A security flaw exists in Tencent WeKnora version 0.1.0. The testEmbeddingModel function within the /api/v1/initialization/embedding/test file is susceptible to server-side request forgery. Manipulatio...
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
Summary A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF Server-Side Request Forgery. Reference: axios/axios6463 A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if...
MAL-2024-7608 Malicious code in sap-baseurl (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 94e35034940640f4b3a25bc095af6e9194ed1465fd0ac61abc95de728a350b8b The OpenSSF Package Analysis project identified 'sap-baseurl' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in sap-baseurl (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 94e35034940640f4b3a25bc095af6e9194ed1465fd0ac61abc95de728a350b8b The OpenSSF Package Analysis project identified 'sap-baseurl' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
[SECURITY] [DLA 3486-1] ocsinventory-server update for php-cas
Debian LTS Advisory DLA-3486-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost July 08, 2023 https://wiki.debian.org/LTS Package : ocsinventory-server Version : 2.5+dfsg1-1+deb10u1 CVE ID : n/a Debian Bug : The source package ocsinventory-server, a Hardware and...
PT-2022-11659 · Webdetails · Webdetails Cpf
Name of the Vulnerable Software and Affected Versions: Webdetails cpf versions up to 9.5.0.0-80 Description: A vulnerability has been found in Webdetails cpf, where the manipulation of the baseUrl argument leads to cross-site scripting. This issue can be launched remotely. Recommendations: For...