16 matches found
MAL-2026-4402 Malicious code in @kyungseopk1m/holidays-kr (npm)
Source: amazon-inspector f8538f74ec98ab5287a941ebac99e8624ba40d809edbc5b033da1150254d8215 On import/use, dist/cjs/index.js and dist/mjs/index.js call fetch against the hardcoded endpoint https://kdata.kxxseop.workers.dev with data sourced...
EUVD-2025-200097
Better Auth affected by external request basePath modification DoS...
EUVD-2017-16561
Malware in sbrugna...
EUVD-2025-23884
Malicious code in bioql PyPI...
CVE-2025-46659
An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an external HTTPS request...
DNN site Import could use an external source with a crafted request
A malicious SuperUser Host could craft a request to use an external url for a site export to then be imported...
CVE-2025-29927
A flaw was found in the Next.js package. This vulnerability allows bypassing authorization checks within a Next.js application if the authorization check occurs in middleware. Mitigation: Block or drop external user requests which contain the x-middleware-subrequest header from reaching your Next.js...
Cross-site Scripting (XSS)
Overview: prosemirror-model is ProseMirror's document model. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to serializeNodeInner and serializeMark functions that put a value from an attribute directly in an array used to describe a DOM structure and not fully...
MGASA-2023-0126 Updated python-cairosvg packages fix security vulnerability
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...
CVE-2020-35579
tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the external request target may indirectly redirect back to this original /sub endpoint. Thus, a reque...
Red Hat Mobile Application Platform Cross-Site Request Forgery Security Bypass Vulnerability
App Studio millicore is an app development tool. The externalrequest api is one of the interfaces for handling external requests. A security vulnerability exists in the externalrequest api call in App Studio millicore. An attacker can exploit this vulnerability to explore internal network resources and...
CVE-2017-7553
The externalrequest api call in App Studio millicore allows server-side request forgery (SSRF). An attacker could use this flaw to probe internal network resources and access restricted endpoints...
PT-2017-17796 · Millicore · App Studio
Name of the Vulnerable Software and Affected Versions: App Studio millicore (affected versions not specified). Description: The issue allows for server-side request forgery (SSRF) through the external request API call. This could enable an attacker to probe internal network resources and access...
RHMAP: SSRF via external_request feature of App Studio
The externalrequest api call in App Studio millicore allows server-side request forgery (SSRF). An attacker could use this flaw to probe internal network resources and access restricted endpoints...
Proxy File '.pac' External Request Detection
Binary data 7205.pasl...
DEBIAN-CVE-2016-1898
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file...