26 matches found

ATTACKERKB
added 2026/05/11 9:42 p.m. · 1 views

CVE-2026-43899

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, an incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass RCE. While the patch correctly restricted...

9.6 CVSS · 6 AI score · 0.00473 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
CVE
added 2026/05/04 5:37 p.m. · 6 views

CVE-2026-42140

The CVE covers the PlantUML Macro used in XWiki, where the vulnerability lies in the server parameter not being validated. Prior to version 2.4.1, an attacker can supply an arbitrary URL (including internal addresses) to the server parameter, causing the XWiki server to attempt to connect for ren...

4.4 CVSS · 5.8 AI score · 0.00025 EPSS
Exploits: 0 · References: 3
Github Security Blog
added 2026/03/17 5:12 p.m. · 4 views

Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS

kube-router Proxy Module Does Not Validate ExternalIPs or LoadBalancer IPs Against Configured Ranges. Summary: This issue primarily affects multi-tenant clusters where untrusted users are granted namespace-scoped permissions to create or modify Services. Single-tenant clusters or clusters where all...

7.1 CVSS · 5.9 AI score · 0.00063 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2025/11/14 9:30 p.m. · 1 views

GHSA-JJ37-3377-M6VV Duplicate Advisory: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-mm7p-fcc7-pg87. This link is maintained to preserve external references. Original Description: A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient...

7.5 CVSS · 5.8 AI score · 0.00031 EPSS
Exploits: 0 · References: 8
Github Security Blog
added 2025/11/14 9:30 p.m. · 6 views

Duplicate Advisory: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-mm7p-fcc7-pg87. This link is maintained to preserve external references. Original Description: A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient...

7.5 CVSS · 6.2 AI score · 0.00031 EPSS
Exploits: 0 · References: 9 · Affected Software: 1
OSV
added 2025/11/14 8:15 p.m. · 0 views

UBUNTU-CVE-2025-13033

A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the emai...

7.5 CVSS · 5.8 AI score · 0.00031 EPSS
Exploits: 0 · References: 6
CVE
added 2025/11/14 7:37 p.m. · 23 views

CVE-2025-13033

The CVE-2025-13033 entry concerns Nodemailer’s email parsing library. A flaw in handling specially formatted recipient addresses allows an attacker to craft a recipient that embeds an external address within quotes, causing misdirection of mail to the attacker’s external address rather than the i...

7.5 CVSS · 6.1 AI score · 0.00031 EPSS
Exploits: 0 · References: 7
Cvelist
added 2025/11/14 7:37 p.m. · 10 views

CVE-2025-13033 Nodemailer: nodemailer: email to an unintended domain can occur due to interpretation conflict

A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the emai...

7.5 CVSS · 0.00031 EPSS
Exploits: 0 · References: 7
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-19462

Malicious code in bioql PyPI...

8.8 CVSS · 6.6 AI score · 0.00294 EPSS
Exploits: 1 · References: 4
RedhatCVE
added 2025/06/30 11:21 p.m. · 2 views

CVE-2025-6829

A vulnerability was found in aaluoxiang oasystem up to c3a08168c144f27256a90838492c713f55f1b207 and classified as critical. This issue affects the function outAddress of the component External Address Book Handler. The manipulation leads to sql injection. The attack may be initiated remotely. Thi...

8.8 CVSS · 6.5 AI score · 0.00294 EPSS
Exploits: 1 · References: 1
NVD
added 2025/06/28 11:15 p.m. · 3 views

CVE-2025-6829

A vulnerability was found in aaluoxiang oasystem up to c3a08168c144f27256a90838492c713f55f1b207 and classified as critical. This issue affects the function outAddress of the component External Address Book Handler. The manipulation leads to sql injection. The attack may be initiated remotely. Thi...

8.8 CVSS · 0.00294 EPSS
Exploits: 1 · References: 4
CVE
added 2025/06/28 11:0 p.m. · 10 views

CVE-2025-6829

CVE-2025-6829 affects aaluoxiang oa_system (up to commit c3a08168c144f27256a90838492c713f55f1b207) with the External Address Book Handler’s outAddress function. The vulnerability is a SQL injection due to manipulation of outAddress, and is capable of remote initiation. Public details consistently...

8.8 CVSS · 6.6 AI score · 0.00294 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
Cvelist
added 2025/06/28 11:0 p.m. · 5 views

CVE-2025-6829 aaluoxiang oa_system External Address Book outAddress sql injection

A vulnerability was found in aaluoxiang oasystem up to c3a08168c144f27256a90838492c713f55f1b207 and classified as critical. This issue affects the function outAddress of the component External Address Book Handler. The manipulation leads to sql injection. The attack may be initiated remotely. Thi...

6.5 CVSS · 0.00294 EPSS
Exploits: 1 · References: 4
Vulnrichment
added 2025/06/28 11:0 p.m. · 2 views

CVE-2025-6829 aaluoxiang oa_system External Address Book outAddress sql injection

A vulnerability was found in aaluoxiang oasystem up to c3a08168c144f27256a90838492c713f55f1b207 and classified as critical. This issue affects the function outAddress of the component External Address Book Handler. The manipulation leads to sql injection. The attack may be initiated remotely. Thi...

6.5 CVSS · 6.6 AI score · 0.00294 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2025/06/28 12:0 a.m. · 1 views

PT-2025-27333 · Unknown · Aaluoxiang Oa System

Name of the Vulnerable Software and Affected Versions: aaluoxiang oa system up to c3a08168c144f27256a90838492c713f55f1b207 Description: A critical issue was found in the outAddress function of the External Address Book Handler component, leading to SQL injection. The attack can be initiated...

8.8 CVSS · 7.9 AI score · 0.00294 EPSS
Exploits: 1 · References: 8
CNNVD
added 2025/06/28 12:0 a.m. · 2 views

oa_system injection vulnerability

oasystem is a hailey individual developer's application for the day-to-day operation and management of organizations, used by employees and managers. An injection vulnerability exists in oasystem that originates from an external address book handler resulting in SQL injection...

8.8 CVSS · 7.1 AI score · 0.00294 EPSS
Exploits: 1 · References: 5
OSSF Malicious Packages
added 2025/06/15 8:28 p.m. · 2 views

Malicious code in browser-history-analytics (PyPI)

Source: kam193 e1ac674eaa856956dea531487502bd21a51f5324bdfcaf788645bbbb41eb27f5 When starting the server with expected functionality with potentially sensitive content, the package silently sends the location external IP to a remote...

7 AI score
Exploits: 0 · References: 1
OSV
added 2024/04/16 6:15 a.m. · 3 views

DEBIAN-CVE-2024-22262

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to a SSRF attack if the URL is...

8.1 CVSS · 6.5 AI score · 0.12634 EPSS
Exploits: 2 · References: 1
OSV
added 2024/03/16 5:15 a.m. · 3 views

DEBIAN-CVE-2024-22259

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to a SSRF...

8.1 CVSS · 6.2 AI score · 0.56395 EPSS
Exploits: 1 · References: 1
NVD
added 2023/04/18 9:15 p.m. · 8 views

CVE-2022-43378

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 V4.7.0 and prior...

6.5 CVSS · 6.5 AI score · 0.00213 EPSS
Exploits: 0 · References: 1