4130 matches found

GithubExploit, added 2026/04/30 11:04 a.m.

Exploit for CVE-2026-3844

CVE-2026-3844 — Breeze Cache RCE Unauthenticated Arbitrary...

CVSS 9.8, AI score 6.5, EPSS 0.20441
Exploits: 7
NVD, added 2026/04/29 9:16 p.m.

CVE-2026-7403

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name results in path traversal. The attack may be performed from remote. The exploit has been released to the public a...

CVSS 6.9, EPSS 0.00018
Exploits: 0, References: 5
Cvelist, added 2026/04/29 8:00 p.m.

CVE-2026-7403 geldata gel-mcp server.py fetch_rule path traversal

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name results in path traversal. The attack may be performed from remote. The exploit has been released to the public a...

CVSS 6.9, EPSS 0.00018
Exploits: 0, References: 5
CVE, added 2026/04/29 8:00 p.m.

CVE-2026-7403

CVE-2026-7403 affects geldata gel-mcp 0.1.0. The vulnerability is in src/gel_mcp/server.py, function list_rules/fetch_rule, where manipulating the argument rule_name enables path traversal. This could be exploited remotely; the exploit is publicly available. The project was informed of the issue ...

CVSS 6.9, AI score 5.4, EPSS 0.00018
Exploits: 0, References: 5
CNNVD, added 2026/04/29 12:00 a.m.

Gel MCP server path traversal vulnerability

The Gel MCP server is an MCP server tool developed by Gel for the Gel open-source database. Version 0.1.0 of the Gel MCP server contains a path traversal vulnerability. This vulnerability stems from improper handling of the parameter rule_name in the list_rules/fetch_rule function located in the file...

CVSS 6.9, AI score 6, EPSS 0.00018
Exploits: 0, References: 1
Positive Technologies, added 2026/04/29 12:00 a.m.

PT-2026-36005

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name results in path traversal. The attack may be performed from remote. The exploit has been released to the publ...

CVSS 6.9, AI score 5.4, EPSS 0.00018
Exploits: 0, References: 5
ATTACKERKB, added 2026/04/28 6:10 p.m.

CVE-2026-41914

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist policies...

CVSS 8.5, AI score 5.2, EPSS 0.00036
Exploits: 0, References: 4
Cvelist, added 2026/04/28 6:10 p.m.

CVE-2026-41914 OpenClaw < 2026.4.8 - Server-Side Request Forgery in QQ Bot Media Fetch Paths

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist policies...

CVSS 8.5, EPSS 0.00036
Exploits: 0, References: 3
CVE, added 2026/04/28 6:10 p.m.

CVE-2026-41914

OpenClaw contains a server-side request forgery in QQ Bot media download paths prior to 2026.4.8. The issue allows unprotected media fetch endpoints to bypass SSRF protection and access internal resources, circumventing allowlists. Affected package: openclaw (QQ Bot extension) with versions

CVSS 8.5, AI score 5.2, EPSS 0.00036
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment, added 2026/04/28 6:10 p.m.

CVE-2026-41914 OpenClaw < 2026.4.8 - Server-Side Request Forgery in QQ Bot Media Fetch Paths

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist policies...

CVSS 8.5, AI score 5.2, EPSS 0.00036
Exploits: 0, References: 3
OSV, added 2026/04/28 6:30 a.m.

GHSA-R2JQ-4H3X-RFJ6 BigSweetPotatoStudio HyperChat has a Server-Side Request Forgery issue

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

CVSS 7.3, AI score 6.8, EPSS 0.00058
Exploits: 0, References: 6
Github Security Blog, added 2026/04/28 6:30 a.m.

BigSweetPotatoStudio HyperChat has a Server-Side Request Forgery issue

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

CVSS 7.5, AI score 6.8, EPSS 0.00058
Exploits: 0, References: 7, Affected Software: 1
EUVD, added 2026/04/28 4:00 a.m.

EUVD-2026-25980

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

CVSS 7.5, AI score 7.1, EPSS 0.00058
Exploits: 0, References: 5
Vulnrichment, added 2026/04/28 4:00 a.m.

CVE-2026-7223 BigSweetPotatoStudio HyperChat AI Proxy Middleware aiProxyMiddleware.mts fetch server-side request forgery

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

CVSS 7.5, AI score 7.1, EPSS 0.00058
Exploits: 0, References: 5
Positive Technologies, added 2026/04/28 12:00 a.m.

PT-2026-35655

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

CVSS 7.5, AI score 7.1, EPSS 0.00058
Exploits: 0, References: 9
CNNVD, added 2026/04/28 12:00 a.m.

O2OA code issue vulnerability

O2OA is an open-source enterprise application development platform developed by O2OA. Versions of O2OA 10.0 and earlier contained code vulnerabilities. These vulnerabilities were caused by an operation in the FileAction function during component URL fetching, which led to server-side request...

CVSS 6.5, AI score 6.7, EPSS 0.00046
Exploits: 0, References: 1
OSV, added 2026/04/27 4:31 p.m.

MAL-2026-3100 Malicious code in fetch-data-api-syncapi (PyPI)

Source: kam193 (dda63ba0d0dbd4ddf1d89523cacf89d51ffc9a25891e38cb49a9e424721fba9d). The package contains code to download and start a malicious executable. It is masqueraded using a name similar to Windows services. In analyzed versions, the code...

AI score 5.6
Exploits: 0, References: 4
OSSF Malicious Packages, added 2026/04/27 4:31 p.m.

Malicious code in fetch-data-api-syncapi (PyPI)

Source: kam193 (dda63ba0d0dbd4ddf1d89523cacf89d51ffc9a25891e38cb49a9e424721fba9d). The package contains code to download and start a malicious executable. It is masqueraded using a name similar to Windows services. In analyzed versions, the code...

AI score 5.5
Exploits: 0, References: 4
CVE, added 2026/04/27 3:45 a.m.

CVE-2026-7084

CVE-2026-7084 affects HBAI-Ltd Toonflow-app (up to 1.1.1). The issue is in the fetch call of the file src/routes/setting/vendorConfig/getCodeByLink.ts, reached via the getCodeByLink endpoint, where manipulating the Link parameter leads to server-side request forgery. It can be exploited remotely; an exploit is...

CVSS 6.5, AI score 6, EPSS 0.00018
Exploits: 0, References: 6
Snyk, added 2026/04/25 11:42 p.m.

Command Injection

Overview: GitPython is a Python library used to interact with Git repositories. Affected versions of this package are vulnerable to Command Injection via the upload_pack or receive_pack kwargs in the Repo.clone_from, Remote.fetch, Remote.pull, or Remote.push functions. An attacker can execute arbitrar...

CVSS 8.8, AI score 5.9, EPSS 0.0003
Exploits: 1, References: 2