CVE-2019-25290 INIM Electronics Smartliving SmartLAN/G/SI <=6.x Unauthenticated SSRF via GetImage

Smartliving SmartLAN/G/SI =6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through...

CVE-2023-53899

PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation...

langchain-text-splitters 代码问题漏洞

langchain-text-splitters is a Python package open-sourced by LangChain. A code issue vulnerability exists in langchain-text-splitters version 0.3.8, which stems from the HTMLSectionSplitter class allowing the use of arbitrary XSLT stylesheets, which could lead to an XML External Entity Attack,...

LibreY Code Issue Vulnerability

LibreY is a fork of LibreX, a frameless and JavaScript-free privacy-respecting metasearch engine by hnhx. A code issue vulnerability exists in LibreY. An attacker could use this vulnerability to request the server to send an HTTP GET request to an arbitrary target and conduct a Denial of Service...