4168 matches found
CVE-2026-3734
A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetchmanagerdetails.php of the component Endpoint. This manipulation of the argument managerid causes improper authorization. The attack can be initiated remotely. The explo...
EUVD-2026-10237
A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetchmanagerdetails.php of the component Endpoint. This manipulation of the argument managerid causes improper authorization. The attack can be initiated remotely. The explo...
CVE-2026-3734
A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetchmanagerdetails.php of the component Endpoint. This manipulation of the argument managerid causes improper authorization. The attack can be initiated remotely. The explo...
CVE-2026-3734
SourceCodester Client Database Management System 1.0 is affected in the Endpoint feature, specifically the /fetch_manager_details.php function. The vulnerability arises from manipulation of the argument manager_id, leading to improper authorization. This can be exploited remotely; exploit is publ...
CVE-2026-3734 SourceCodester Client Database Management System Endpoint fetch_manager_details.php improper authorization
A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetchmanagerdetails.php of the component Endpoint. This manipulation of the argument managerid causes improper authorization. The attack can be initiated remotely. The explo...
SourceCodester Client Database Management System 授权问题漏洞
SourceCodester Client Database Management System is an open-source client database management system developed by SourceCodester. Version 1.0 of the SourceCodester Client Database Management System has a vulnerability related to authorization issues. This vulnerability stems from the handling of...
PT-2026-23939
Name of the Vulnerable Software and Affected Versions SourceCodester Client Database Management System version 1.0 Description A flaw exists in SourceCodester Client Database Management System that allows improper authorization. The issue is related to the manipulation of the manager id argument ...
CVE-2026-29178
Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypubfederation, a framework for ActivityPub federation in Rust. Prior to version 0.19.16, the GET /api/v4/image/filename endpoint is vulnerable to unauthenticated SSRF...
CVE-2026-30858
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the webfetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including privat...
CVE-2026-30858
The connected GHSA advisory describes a DNS rebinding vulnerability in WeKnora’s web_fetch tool that enables SSRF to internal resources. Root cause: incomplete DNS pinning allows a TOCTOU attack where validation resolves to a public IP, while execution resolves to an internal/private IP, enabling...
CVE-2026-30858 WeKnora: DNS Rebinding Vulnerability in web_fetch Tool Allows SSRF to Internal Resources
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the webfetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including privat...
CVE-2026-30858
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the webfetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including privat...
CVE-2026-30858 WeKnora: DNS Rebinding Vulnerability in web_fetch Tool Allows SSRF to Internal Resources
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the webfetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including privat...
CVE-2026-28467
OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...
CVE-2026-28394
OpenClaw versions prior to 2026.2.15 contain a denial of service vulnerability in the webfetch tool that allows attackers to crash the Gateway process through memory exhaustion by parsing oversized or deeply nested HTML responses. Remote attackers can social-engineer users into fetching malicious...
GHSA-H6GW-8F77-MMMP WeKnora has DNS Rebinding Vulnerability in web_fetch Tool that Allows SSRF to Internal Resources
Summary A DNS rebinding vulnerability in the webfetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including private IP addresses e.g., 127.0.0.1, 192.168.x.x. By crafting a malicious domain that resolves to a public IP during...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webfetch process. An attacker can access internal resources and sensitive data by exploiting DNS rebinding to bypass URL validation and force the application to connect to private IP addresses...
WeKnora has DNS Rebinding Vulnerability in web_fetch Tool that Allows SSRF to Internal Resources
Summary A DNS rebinding vulnerability in the webfetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including private IP addresses e.g., 127.0.0.1, 192.168.x.x. By crafting a malicious domain that resolves to a public IP during...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webfetch process. An attacker can access internal resources and sensitive data by exploiting DNS rebinding to bypass URL validation and force the application to connect to private IP addresses...
PT-2026-23801
Name of the Vulnerable Software and Affected Versions WeKnora versions prior to 0.3.0 Description WeKnora, an LLM-powered framework for deep document understanding and semantic retrieval, contains a DNS rebinding issue in the web fetch tool. An unauthenticated attacker can bypass URL validation a...