23 matches found

RedhatCVE
added 5 days ago, 5 views

CVE-2026-41321

@astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers targets. Prior to 13.1.10, the fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP...

CVSS 2.2, AI score 5.6, EPSS 0.00047
Exploits 0, References 1
Github Security Blog
added 2026/05/19 4:34 p.m., 8 views

Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching

Summary The fetch-apify-docs tool validates URLs against a domain allowlist using String.startsWith instead of proper URL hostname comparison. This allows bypass via attacker-controlled subdomains e.g., https://docs.apify.com.evil.com/, enabling the tool to fetch and return arbitrary web content ...

AI score 5.9
Exploits 0, References 2, Affected Software 1
OSV
added 2026/05/19 4:34 p.m., 2 views

GHSA-JWP7-WG77-3W9V Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching

Summary The fetch-apify-docs tool validates URLs against a domain allowlist using String.startsWith instead of proper URL hostname comparison. This allows bypass via attacker-controlled subdomains e.g., https://docs.apify.com.evil.com/, enabling the tool to fetch and return arbitrary web content ...

CVSS 6.1, AI score 5.9
Exploits 0, References 2
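Added example (not Apify's code and not the MCP server's fix): the string-prefix check the advisory describes, beside a check that parses the URL and compares the normalized hostname against the allowlist. The allowlist entries and sample URLs are constructed for illustration. The wildcard semantics (an exact entry matches only that host; `*.apify.com` matches subdomains but not the apex) are an assumption of this example and go beyond the single docs host the advisory mentions.

```javascript
// Added example, not code from the Apify MCP server.
// Allowlist entries below are constructed for illustration.
const ALLOWED_PREFIXES = ["https://docs.apify.com"];            // what the naive check compares against
const ALLOWED_HOSTS = ["docs.apify.com", "*.apify.com"];        // assumed hostname allowlist

// Vulnerable pattern: prefix comparison on the raw URL string.
// "https://docs.apify.com.evil.com/" and "https://docs.apify.com@evil.com/" both start
// with the allowed prefix, so they pass even though neither points at docs.apify.com.
function isAllowedByPrefix(url) {
  return ALLOWED_PREFIXES.some((prefix) => url.startsWith(prefix));
}

// Pattern semantics are an assumption for this example:
// - an exact entry matches only that hostname
// - "*.example.com" matches any subdomain of example.com, not example.com itself
function hostMatches(hostname, pattern) {
  if (pattern.startsWith("*.")) {
    const suffix = pattern.slice(1); // ".example.com"
    return hostname.endsWith(suffix) && hostname.length > suffix.length;
  }
  return hostname === pattern;
}

// Hardened pattern: let the WHATWG URL parser decide what the host actually is,
// then compare that host (not the raw string) against the allowlist.
function isAllowedByHostname(url, allowed = ALLOWED_HOSTS) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    // Unparseable input is rejected. This also covers hosts containing forbidden
    // code points (for example a decoded null byte), which the parser refuses.
    return false;
  }
  if (parsed.protocol !== "https:") return false;
  // Userinfo tricks: in "https://docs.apify.com@evil.com/" the parser puts
  // "docs.apify.com" in username and "evil.com" in hostname. Reject userinfo outright.
  if (parsed.username || parsed.password) return false;
  // hostname is already lowercased by the parser for https; strip a trailing dot.
  const host = parsed.hostname.replace(/\.$/, "");
  return allowed.some((pattern) => hostMatches(host, pattern));
}

// Constructed sample inputs showing where the two checks disagree.
const SAMPLE_URLS = [
  "https://docs.apify.com/academy",
  "https://api.apify.com/v2",
  "https://apify.com/",
  "https://docs.apify.com.evil.com/",
  "https://docs.apify.com@evil.com/",
  "http://docs.apify.com/",
];

for (const url of SAMPLE_URLS) {
  console.log(`${url}\n  prefix: ${isAllowedByPrefix(url)}  hostname: ${isAllowedByHostname(url)}`);
}
```

The two attacker-controlled URLs pass the prefix check and fail the hostname check; the apex `https://apify.com/` fails the hostname check only because of the assumed wildcard semantics, so adjust `hostMatches` if the apex should be allowed.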
Vulnrichment
added 2026/04/24 5:04 p.m., 3 views

CVE-2026-41321 @astrojs/cloudflare: SSRF via redirect following in Cloudflare image-binding-transform endpoint

@astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers targets. Prior to 13.1.10, the fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP...

CVSS 2.2, AI score 5.5, EPSS 0.00047
Exploits 0, References 1
EUVD
added 2026/04/24 5:04 p.m., 0 views

EUVD-2026-25579

@astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers targets. Prior to 13.1.10, the fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP...

CVSS 7.2, AI score 5.5, EPSS 0.00376
Exploits 1, References 1
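Added example (not @astrojs/cloudflare code): a fetch wrapper that requests with `redirect: 'manual'` and re-validates every Location target against the same allowlist before following it, which is the step the advisory says the default `redirect: 'follow'` skips. The allowed image host, `MAX_HOPS`, and the mock responses are assumptions constructed for this example; `planNextHop` is the pure decision step so it can be exercised without a network.

```javascript
// Added example, not code from the @astrojs/cloudflare adapter.
const MAX_HOPS = 3; // assumed cap on redirects we are willing to follow

// Assumed allowlist of remote image hosts (the real adapter takes this from Astro config).
function isAllowedUrl(url) {
  const allowed = new Set(["images.example.com"]);
  try {
    const u = new URL(url);
    return u.protocol === "https:" && allowed.has(u.hostname);
  } catch {
    return false;
  }
}

// Pure decision step for one response. Returns one of:
//   { action: "done" }                       non-redirect response, hand it back
//   { action: "follow", url }                redirect target passed the allowlist
//   { action: "block", url?, reason }        stop and report why
function planNextHop(status, location, currentUrl, hop) {
  if (status < 300 || status > 399) return { action: "done" };
  if (!location) return { action: "block", reason: "redirect without Location" };
  let target;
  try {
    target = new URL(location, currentUrl).href; // relative Location resolves against the current URL
  } catch {
    return { action: "block", reason: "unparseable Location" };
  }
  if (hop >= MAX_HOPS) return { action: "block", url: target, reason: "too many redirects" };
  if (!isAllowedUrl(target)) return { action: "block", url: target, reason: "redirect target not allowlisted" };
  return { action: "follow", url: target };
}

// The wrapper: never let the platform follow redirects; decide each hop ourselves.
async function fetchImageSafely(url, fetchImpl = fetch) {
  if (!isAllowedUrl(url)) throw new Error(`blocked: initial URL not allowlisted (${url})`);
  let current = url;
  for (let hop = 0; ; hop++) {
    const res = await fetchImpl(current, { redirect: "manual" });
    const plan = planNextHop(res.status, res.headers.get("location"), current, hop);
    if (plan.action === "done") return res;
    if (plan.action === "block") throw new Error(`blocked: ${plan.reason} (${plan.url ?? current})`);
    current = plan.url;
  }
}

// Constructed scenario: the allowlisted image host answers with a redirect to an
// internal address. Responses are plain objects whose headers is a Map, so this
// runs without a network or a Response global.
const CONSTRUCTED_RESPONSES = new Map([
  ["https://images.example.com/logo.png", { status: 302, headers: new Map([["location", "http://10.0.0.5/admin"]]) }],
  ["https://images.example.com/cdn/logo.png", { status: 200, headers: new Map() }],
]);
const mockFetch = async (url) => CONSTRUCTED_RESPONSES.get(url) ?? { status: 404, headers: new Map() };

fetchImageSafely("https://images.example.com/logo.png", mockFetch)
  .then((res) => console.log("status", res.status))
  .catch((err) => console.log(err.message));
```

With `redirect: 'manual'`, Cloudflare Workers and Node's undici hand back the real 3xx with its Location header, which is what this wrapper relies on; in a browser the same option yields an opaque-redirect response with status 0, so the pattern is for server-side fetch only.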
Tenable Nessus
added 2026/04/22 12:00 a.m., 1 view

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : league/commonmark vulnerabilities (USN-8194-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8194-1 advisory. It was discovered that league/commonmark did not properly restrict unsafe attributes when the Attributes extension was enabled. A...

CVSS 6.4, AI score 5.7, EPSS 0.0005
Exploits 0, References 4
Ubuntu
added 2026/04/21 5:25 p.m., 9 views

USN-8194-1: league/commonmark vulnerabilities

It was discovered that league/commonmark did not properly restrict unsafe attributes when the Attributes extension was enabled. An attacker could possibly use this issue to cause cross-site scripting by injecting malicious code into rendered HTML. This issue only affected Ubuntu 22.04 LTS and...

CVSS 6.4, AI score 5.7, EPSS 0.0005
Exploits 0
RedhatCVE
added 2026/04/06 10:57 a.m., 3 views

CVE-2026-34936

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough and apassthrough in praisonai accept a caller-controlled apibase parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL schem...

CVSS 7.7, AI score 5.8, EPSS 0.00014
Exploits 1, References 1
OSV
added 2026/02/26 12:02 a.m., 3 views

CVE-2026-27818 TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist

TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. Version 4.0.3 fixes the issue...

CVSS 8.7, AI score 5.5, EPSS 0.00089
Exploits 0, References 4
Vulnrichment
added 2026/02/26 12:02 a.m., 2 views

CVE-2026-27818 TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist

TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. Version 4.0.3 fixes the issue...

CVSS 8.7, AI score 5.9, EPSS 0.00089
Exploits 0, References 2
Tenable Nessus
added 2026/02/13 12:00 a.m., 3 views

n8n Node.js Package < 1.121.0 Domain Allowlist Bypass / Credential Exfiltration (CVE-2026-25631)

The version of the n8n Node.js Package installed on the remote host is prior to 1.121.0. It is, therefore, affected by a credential exfiltration vulnerability: - A vulnerability in the HTTP Request node's credential domain validation allows an authenticated attacker to send requests with...

CVSS 6.5, AI score 6, EPSS 0.00025
Exploits 0, References 2
CVE
added 2026/02/06 8:34 p.m., 11 views

CVE-2026-25631

The CVE-2026-25631 entry concerns n8n’s HTTP Request node credential domain validation. The vulnerability allows an authenticated attacker to send requests with credentials to unintended domains, potentially exfiltrating credentials. It specifically affects users with wildcard domain patterns lik...

CVSS 6.5, AI score 5.8, EPSS 0.00025
Exploits 0, References 1, Affected Software 1
OSV
added 2026/02/06 8:34 p.m., 6 views

CVE-2026-25631 Domain allowlist bypass enables credential exfiltration

n8n is an open source workflow automation platform. Prior to 1.121.0, a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This on...

CVSS 5.3, AI score 5.5, EPSS 0.00025
Exploits 0, References 3
Cvelist
added 2026/02/06 8:34 p.m., 26 views

CVE-2026-25631 Domain allowlist bypass enables credential exfiltration

n8n is an open source workflow automation platform. Prior to 1.121.0, a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This on...

CVSS 5.3, EPSS 0.00025
Exploits 0, References 1
OSV
added 2026/02/04 8:33 p.m., 2 views

GHSA-2XCX-75H9-VR9H n8n's domain allowlist bypass enables credential exfiltration

Impact A vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This might only affect users who have credentials that use wildcard domain...

CVSS 5.3, AI score 5.5, EPSS 0.00025
Exploits 0, References 3
RedhatCVE
added 2025/05/22 9:35 p.m., 5 views

CVE-2021-43833

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows any authenticated user to gain access to arbitrary accounts by setting a specially crafted email address. This vulnerability impacts all instances that have not set a...

CVSS 8.8, AI score 6.9, EPSS 0.00412
Exploits 0
RedhatCVE
added 2025/04/06 10:40 a.m., 12 views

CVE-2025-2245

A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing a null byte (%00)...

CVSS 6.9, AI score 7.1, EPSS 0.00103
Exploits 0, References 3
OSV
added 2025/04/04 10:15 a.m., 2 views

CVE-2025-2245

A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing a null byte (%00)...

CVSS 5.3, AI score 5.9
Exploits 0, References 1
Cvelist
added 2025/04/04 9:54 a.m., 14 views

CVE-2025-2245 Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)

A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing a null byte (%00)...

CVSS 6.9, EPSS 0.00103
Exploits 0, References 1
Zero Day Initiative
added 2023/08/15 12:00 a.m., 20 views

(Pwn2Own) Adobe Acrobat Reader DC Net.HTTP.request URL Restriction Bypass Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8, AI score 6.8, EPSS 0.00139
Exploits 0, References 1