2 matches found
CVE-2026-16016
The CVE-2026-16016 entry affects Poco AI’s poco-claw up to version 0.5.4. Affected component: run_task in executor/app/api/v1/task.py. Root cause: manipulation of the callback_url argument enables server-side request forgery (SSRF). Impact: remote exploitation with potential access to internal re...
X (Formerly Twitter): Bypassing callback_url validation on Digits
Hi, I would like to report an issue in Digits which allows attacker to bypass the callbackurl validation of an application and thus takeover an account. Detail Digits is a part of the Fabric SDK which offers phone-based sign in. It also provides web login flow. In the navigation-based...