Lucene search
K

94 matches found

CVE
CVE
added 2026/04/26 5:30 a.m.9 views

CVE-2026-7021

SmythOS SRE up to 0.0.15 is affected by CVE-2026-7021 in the Connector Service, specifically via the file packages/sdk/src/LLM/utils.ts. The vulnerability arises from manipulating the baseURL argument, leading to information disclosure. The issue is exploitable remotely and publicly available too...

5.1CVSS4.9AI score0.0018EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.9 views

SmythOS 信息泄露漏洞

SmythOS is an open-source infrastructure for the execution and development of AI agents. Versions of SmythOS prior to 0.0.15 contained a vulnerability related to information leakage. This vulnerability stemmed from operations on the baseURL parameter in the Connector Service component’s files...

5.1CVSS5.9AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/10 12:30 a.m.5 views

EUVD-2026-21141

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

7.1CVSS5.9AI score0.00193EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/09 9:27 p.m.19 views

CVE-2026-35644 OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

7.1CVSS0.00193EPSS
Exploits0References4
CVE
CVE
added 2026/04/09 9:27 p.m.24 views

CVE-2026-35644

OpenClaw before 2026.3.22 has an information disclosure vulnerability that allows attackers with operator.read scope to exfiltrate credentials embedded in channel baseUrl and httpUrl fields..adversaries can retrieve sensitive authentication information from gateway snapshots via config.get and ch...

7.1CVSS5.9AI score0.00193EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.12 views

PT-2026-31777

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw before version 2026.3.22 contains an information disclosure issue. Attackers with operator.read scope can expose credentials embedded in the channel baseUrl and httpUrl fields. Sensitiv...

7.1CVSS5.8AI score0.00193EPSS
Exploits0References8
OSV
OSV
added 2026/03/26 9:15 p.m.5 views

GHSA-PPWQ-6V66-5M6J OpenClaw Exposes Credentials Embedded in baseUrl Fields via config.get and channels.status

Summary Read-scoped gateway snapshots could expose credentials embedded in channel baseUrl and related endpoint fields. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2 630f1479c44f78484dfa21bb407cbe6f171dac87 - Latest...

7.1CVSS5.8AI score
Exploits0References3
Cvelist
Cvelist
added 2026/03/04 9:58 p.m.19 views

CVE-2026-25750 LangSmith Studio has URL Parameter Injection Vulnerability that Enables Token Theft via Malicious baseUrl

Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studio that could allow unauthorized access to user accounts through stolen authentication tokens. The...

8.5CVSS0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/16 4:20 p.m.6 views

CVE-2021-47776

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

6.9CVSS6.9AI score0.00343EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/01/15 6:31 p.m.14 views

Umbraco CMS contains a server-side request forgery vulnerability

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

6.9CVSS7AI score0.00343EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/01/15 6:31 p.m.4 views

GHSA-H66J-XM43-47PP Umbraco CMS contains a server-side request forgery vulnerability

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

6.9CVSS6.9AI score0.00343EPSS
Exploits1References5
OSV
OSV
added 2026/01/15 4:16 p.m.6 views

CVE-2021-47776

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

5.3CVSS5.5AI score
Exploits0References3
NVD
NVD
added 2026/01/15 4:16 p.m.4 views

CVE-2021-47776

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

6.9CVSS0.00343EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/15 3:52 p.m.30 views

CVE-2021-47776 Umbraco v8.14.1 - 'baseUrl' SSRF

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

6.9CVSS0.00343EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/15 3:52 p.m.7 views

EUVD-2026-2753

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

6.9CVSS6.4AI score0.00343EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/01/15 3:52 p.m.4 views

CVE-2021-47776 Umbraco v8.14.1 - 'baseUrl' SSRF

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

6.9CVSS6.5AI score0.00343EPSS
Exploits1References3
CVE
CVE
added 2026/01/15 3:52 p.m.13 views

CVE-2021-47776

Umbraco CMS v8.14.1 is affected by a server-side request forgery due to improper validation of the baseUrl parameter in dashboard and help endpoints. The vulnerability enables an attacker to force the server to perform unauthorized requests to external hosts via the GetContextHelpForPage, GetRemo...

6.9CVSS6.5AI score0.00343EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.7 views

PT-2026-3051

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

6.9CVSS6.9AI score0.00343EPSS
Exploits1References4
CVE
CVE
added 2026/01/13 10:51 p.m.14 views

CVE-2022-50899

Geonetwork 3.10–4.2.0 is affected by an XML External Entity (XXE) vulnerability in the PDF rendering path. The issue arises from an insecure XML parser that can be driven by a crafted XML document with external entity references, allowing an attacker to read arbitrary server files via the baseURL...

8.7CVSS6.6AI score0.00463EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/01/13 10:51 p.m.22 views

CVE-2022-50899 Geonetwork 4.2.0 - XML External Entity (XXE)

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...

8.7CVSS0.00463EPSS
Exploits1References3
Rows per page
Query Builder