39 matches found
Server-side Request Forgery (SSRF)
Overview prompts.chat is a Developer toolkit for AI prompts - build, validate, parse, and connect to prompts.chat Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the token parameter in the Fal.ai media status polling flow. An attacker can access sensitive...
CVE-2026-22664
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...
CVE-2026-22664 prompts.chat SSRF via Fal.ai Media Status Polling
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...
CVE-2026-22664
The CVE-2026-22664 issue affects prompts.chat with an SSRF in Fal.ai media status polling prior to commit 30a8f04. Authenticated users can supply attacker-controlled URLs in the token parameter to trigger arbitrary outbound requests, potentially exposing the FAL_API_KEY in the Authorization heade...
CVE-2026-22664 prompts.chat SSRF via Fal.ai Media Status Polling
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...
CVE-2026-22664
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...
GHSA-QXGF-HMCJ-3XW3 OpenClaw affected by SSRF via unguarded image download in fal provider
Summary The fal provider used raw fetches for both provider API traffic and returned image download URLs instead of the existing SSRF-guarded fetch path. Impact A malicious or compromised fal relay could make the gateway fetch internal URLs and expose metadata or internal service responses throug...
OpenClaw affected by SSRF via unguarded image download in fal provider
Summary The fal provider used raw fetches for both provider API traffic and returned image download URLs instead of the existing SSRF-guarded fetch path. Impact A malicious or compromised fal relay could make the gateway fetch internal URLs and expose metadata or internal service responses throug...
GHSA-35CQ-WV6V-88XF Duplicate Advisory: OpenClaw affected by SSRF via unguarded image download in fal provider
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qxgf-hmcj-3xw3. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider...
Duplicate Advisory: OpenClaw affected by SSRF via unguarded image download in fal provider
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qxgf-hmcj-3xw3. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider...
EUVD-2026-17471
OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service...
CVE-2026-34504
OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service...
CVE-2026-34504 OpenClaw < 2026.3.28 - Server-Side Request Forgery via Unguarded Image Download in fal Provider
OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service...
CVE-2026-34504
OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service...
CVE-2026-34504
CVE-2026-34504 affects OpenClaw prior to version 2026.3.28, via the fal provider image-generation-provider.ts, enabling a server-side request forgery (SSRF) to fetch internal URLs. Attackers using a compromised fal relay can trigger unguarded image download fetches to expose internal service meta...
PT-2026-29266
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description A server-side request forgery condition exists in the fal provider image-generation-provider.ts component. This allows attackers to retrieve internal URLs. A compromised or malicious fal relay c...
EUVD-2021-1527
Malware in sbrugna...
CVE-2021-38623
The deferredimageprocessing aka Deferred image processing extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption...
Maritime lawyers assemble!
Maritime cyber insurance has been playing catch-up with maritime cyber security for a while now. It was all pretty good until the availability of cheap VSAT meant that ships became constantly connected. Vessels were mostly not connected at sea, other than Fleet Broadband connections, rarely used...
Typo3 Broken Access Control in Import Module
It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which usually only is available to admin users or users having User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly enable...