Lucene search
K

19 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-60105

Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action caused by an incomplete IP blocklist check in the isBlockedIP function, which fails to detect embedded IPv4 addresses within IPv4-mapped IPv6 addresses. An unauthenticated attacker can obta...

8.6CVSS0.00308EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-42427

Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action caused by an incomplete IP blocklist check in the isBlockedIP function, which fails to detect embedded IPv4 addresses within IPv4-mapped IPv6 addresses. An unauthenticated attacker can obta...

8.6CVSS5.9AI score0.00308EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-56613

Name of the Vulnerable Software and Affected Versions Monsta FTP versions prior to 2.14.5 Description An unauthenticated attacker can trigger a server-side request forgery SSRF by bypassing an IP blocklist. The issue occurs in the fetchRemoteFile action due to an incomplete check in the isBlocked...

8.6CVSS5.9AI score0.00308EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 7:43 a.m.17 views

Malicious code in crazehub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53d37c0e75f63e9da7adcc1f71f8b67a665d080342df6857a15dadc297e4f075 crazehub/init.py performs multiple user-hostile actions at import time. Lines 2-3 unconditionally run os.system"pip install phonenumbers" and...

6AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/11 8:25 p.m.8 views

CVE-2026-42261

PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body up t...

7.1CVSS5.7AI score0.00237EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-38645

Name of the Vulnerable Software and Affected Versions PromptHub versions 0.4.9 through 0.5.3 Description An authenticated endpoint "/api/skills/fetch-remote" fetches a user-supplied URL server-side and reflects the response body back to the caller. The Server-Side Request Forgery SSRF protection ...

7.1CVSS5.8AI score0.00237EPSS
Exploits1References8
NVD
NVD
added 2026/03/31 12:16 p.m.3 views

CVE-2026-32982

OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to lo...

8.7CVSS0.00418EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/16 8:40 p.m.3 views

Insertion of Sensitive Information into Log File

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the fetchRemoteMedia function. An attacker can obtain sensitive bot tokens by triggering Telegram media fetch errors that cause the...

8.7CVSS5.8AI score0.00418EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/04 4:2 a.m.4 views

Directory Traversal

Overview @google/clasp is a Develop Apps Script Projects locally Affected versions of this package are vulnerable to Directory Traversal in the fetchRemote function in files.ts. An attacker can overwrite files outside the intended project directory via pull and clone commands. Details A Directory...

8.8CVSS6.3AI score0.00465EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2011-4811

Malware in sbrugna...

4.3CVSS9AI score0.01617EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 p.m.10 views

CVE-2022-30781

Gitea before 1.16.7 does not escape git fetch remote...

7.5CVSS6.8AI score0.87678EPSS
Exploits8References1
ATTACKERKB
ATTACKERKB
added 2022/05/16 4:15 a.m.4 views

CVE-2022-30781

Gitea before 1.16.7 does not escape git fetch remote...

7.5CVSS5.8AI score0.87678EPSS
Exploits8References7
Cvelist
Cvelist
added 2022/05/16 12:0 a.m.32 views

CVE-2022-30781

Gitea before 1.16.7 does not escape git fetch remote...

7.7AI score0.87678EPSS
Exploits8References5
CNNVD
CNNVD
added 2022/05/16 12:0 a.m.4 views

Gitea 安全漏洞

Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in Gitea version 1.16.7 that stems from not escaping the git fetch remote...

7.5CVSS7.2AI score0.87678EPSS
Exploits8References11
Positive Technologies
Positive Technologies
added 2022/05/13 12:0 a.m.6 views

PT-2022-17575 · Unknown · Workspace-Tools

Name of the Vulnerable Software and Affected Versions: workspace-tools versions prior to 0.18.4 Description: The issue concerns Command Injection via git argument injection. When the fetchRemoteBranchremote: string, remoteBranch: string, cwd: string function is called, both the remote and...

9.8CVSS9.9AI score0.06798EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2022/05/02 12:0 a.m.4 views

PT-2022-20314

Name of the Vulnerable Software and Affected Versions Gitea versions 1.16.6 and prior Description The issue is related to the improper handling of git fetch, allowing for shell command injection. This is due to the lack of escaping for the git fetch remote. There is no information provided about...

9.8CVSS6.9AI score0.87678EPSS
Exploits11References36
OSV
OSV
added 2022/04/19 5:15 p.m.1 views

DEBIAN-CVE-2022-25648

The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetchremote = 'origin', opts = function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform...

9.8CVSS8.6AI score0.04871EPSS
Exploits1References1
OSV
OSV
added 2017/01/31 10:59 p.m.3 views

CVE-2016-9417

The fetchremotefile function in MyBB aka MyBulletinBoard before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery SSRF attacks via unspecified vectors...

7.4CVSS5.8AI score0.01651EPSS
Exploits0References4
Prion
Prion
added 2017/01/31 10:59 p.m.11 views

Server side request forgery (ssrf)

The fetchremotefile function in MyBB aka MyBulletinBoard before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery SSRF attacks via unspecified vectors...

5.8CVSS7.3AI score0.01651EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder