4 matches found

GitLab Advisory Database
added 2026/03/30 12:00 a.m., 10 views

FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing

The /loadIG HTTP endpoint in the FHIR Validator HTTP service accepts a user-supplied URL via JSON body and makes server-side HTTP requests to it without any hostname, scheme, or domain validation. An unauthenticated attacker with network access to the validator can probe internal network services...

CVSS 5.8 | AI score 5.9 | EPSS 0.00235
Exploits: 1 | References: 4

Positive Technologies
added 2026/01/27 12:00 a.m., 14 views
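The FHIR Validator entry above boils down to a missing egress check on an attacker-chosen URL. The block below is an added example, written here and not code from the FHIR Validator project or from the advisory, of the kind of outbound-URL check that closes a blind SSRF of this shape: a scheme allowlist, rejection of embedded credentials, and a check that every address the host resolves to is globally routable. The `FAKE_DNS` table and the `fake_resolver` function are constructed stand-ins for real DNS so the example runs offline; `resolve_all` is the real-world default.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Loading an implementation guide is a plain web fetch; file:, ftp:, gopher:
# and similar schemes are refused outright.
ALLOWED_SCHEMES = {"http", "https"}


def resolve_all(host):
    """Default resolver: every A/AAAA address the name maps to (the client may use any of them)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(addr):
    """True only for a globally routable address; loopback, RFC 1918, link-local,
    the cloud metadata range (169.254.0.0/16) and unspecified addresses all fail."""
    addr = addr.split("%", 1)[0]                      # drop an IPv6 zone id such as fe80::1%eth0
    ip = ipaddress.ip_address(addr)                   # raises ValueError on garbage
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                           # ::ffff:10.0.0.5 is really 10.0.0.5
    return ip.is_global


def check_outbound_url(url, resolver=resolve_all):
    """Return (allowed, reason) for a URL the server is about to fetch on a user's behalf."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme or '<none>'!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "URL has no host"
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL"
    try:
        addrs = resolver(host)
        bad = [a for a in addrs if not is_public_address(a)]
    except (socket.gaierror, OSError, ValueError) as exc:
        return False, f"could not resolve {host!r}: {exc}"
    if not addrs:
        return False, f"{host!r} resolved to no addresses"
    if bad:
        # One internal answer is enough to refuse: a mixed answer set is a classic rebinding trick.
        return False, f"{host!r} resolves to non-public address {bad[0]}"
    return True, f"ok ({host!r} -> {', '.join(addrs)})"


# Constructed lookup table standing in for DNS so the example runs offline (hypothetical hosts).
FAKE_DNS = {
    "ig.example.org": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.example.net": ["93.184.216.34", "10.0.0.5"],   # one public, one internal answer
}


def fake_resolver(host):
    """Resolve an IP literal to itself, otherwise consult FAKE_DNS; unknown names fail like DNS would."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        pass
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed resolver: unknown host {host!r}")
    return FAKE_DNS[host]


if __name__ == "__main__":
    samples = [
        "https://ig.example.org/package.tgz",
        "http://127.0.0.1:8080/",
        "http://169.254.169.254/latest/meta-data/",
        "file:///etc/passwd",
        "http://[::ffff:10.0.0.5]/",
        "http://rebind.example.net/",
        "http://user:pw@ig.example.org/",
    ]
    for sample in samples:
        allowed, reason = check_outbound_url(sample, fake_resolver)
        print(f"{'ALLOW' if allowed else 'DENY ':5} {sample}  ({reason})")
```

Two caveats worth keeping in mind: the check only covers the first hop, so every redirect target must go through it again, and the connection should be pinned to the address that passed the check rather than re-resolving the name, otherwise a second DNS answer can still steer the request inside the network.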

PT-2026-44752

Name of the Vulnerable Software and Affected Versions: libsoup (affected versions not specified). Description: An unsigned-to-signed conversion error exists in the soup_body_input_stream_read_chunked function. A remote attacker can exploit this by sending a malicious HTTP request when libsoup is used...

CVSS 4.8 | AI score 5.9 | EPSS 0.00872
Exploits: 0 | References: 26

OSV
added 2025/09/10 5:15 p.m., 7 views

CVE-2025-57520

A Cross-Site Scripting (XSS) vulnerability exists in Decap CMS through 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered in the content preview pane. This enables an attacker to inject arbitrary JavaScript which executes whenever a user vie...

CVSS 6.1 | AI score 6 | EPSS 0.00297
Exploits: 2 | References: 3

Cvelist
added 2004/09/01 4:00 a.m., 15 views

CVE-2002-1271

The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx...

AI score 7.4 | EPSS 0.0356
Exploits: 0 | References: 7