11 matches found
Server-side Request Forgery (SSRF)
Overview: prompts.chat is a developer toolkit for AI prompts - build, validate, parse, and connect to prompts.chat. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the token parameter in the Fal.ai media status polling flow. An attacker can access sensitive...
CVE-2026-22664
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...
EUVD-2021-1527
Malware in sbrugna...
CVE-2021-38623
The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption...
GHSA-34JQ-548X-M2X9 Improper Resource Shutdown or Release in TYPO3 extension
Wrong usage of the TYPO3 FAL API results in copies of processed files being saved to the /var/transient/ folder of a TYPO3 website on every frontend request. This can result in Denial of Service, since the webspace may be filled up with image files simply by crafting a large amount of requests to...
TYPO3 Denial of Service Vulnerability (CNVD-2022-17978)
TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. TYPO3 has a denial of service vulnerability that can be exploited by attackers to cause a denial of service via the FAL API...
CVE-2021-38623
The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption...
Code injection
The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption...
CVE-2021-38623
The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption...
CVE-2021-38623
CVE-2021-38623 affects the TYPO3 extension deferred_image_processing (aka Deferred image processing) up to version 1.0.1. The root cause is a flaw in how the FAL API is used, causing excess writes to the /var/transient directory and enabling a Denial of Service via disk consumption. The vulnerabi...
Denial of Service in Extension "Deferred image processing" (deferred_image_processing)
Wrong usage of the TYPO3 FAL API results in copies of processed files being saved to the /var/transient/ folder of a TYPO3 website on every frontend request. This can result in Denial of Service, since the webspace may be filled up with image files simply by crafting a large amount of requests to...