Lucene search
+L

10 matches found

euvd
euvd
added 2026/05/28 5:30 p.m.13 views

EUVD-2026-32964

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetchurl tool validates the initial URL's resolved IP address against a restricted-IP blocklist isrestrictedip to prevent SSRF attacks against internal services cloud metadata endpoints, localhost, private networks...

7.4CVSS5.7AI score0.00226EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/28 5:30 p.m.33 views

CVE-2026-45310 CodeWhale: SSRF via HTTP Redirect Bypass in fetch_url Tool

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetchurl tool validates the initial URL's resolved IP address against a restricted-IP blocklist isrestrictedip to prevent SSRF attacks against internal services cloud metadata endpoints, localhost, private networks...

7.4CVSS0.00226EPSS
Exploits0References2
patchstack
patchstack
added 2026/05/14 8:29 p.m.10 views

NPM: DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetch_url Tool

NPM: DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetchurl Tool vulnerability discovered by ? in WordPress Npm deepseek-tui versions 0.8.22...

7.4CVSS5.8AI score0.00226EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/04/16 8:45 p.m.5 views

GHSA-F8HV-G549-HWG2 Weblate: SSRF via the webhook add-on using unprotected fetch_url()

Impact The webhook add-on did not utilize existing SSRF protection. Patches https://github.com/WeblateOrg/weblate/pull/18815 Workarounds Disabling the add-on would avoid misusing this. References Thanks to @Lihfdgjr for reporting this via GitHub...

4.1CVSS5.8AI score0.00275EPSS
Exploits0References5
susecve
susecve
added 2023/02/15 5:25 a.m.5 views

SUSE CVE-2014-8517

The fetchurl function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | pipe character at the end of an HTTP redirect...

7.5CVSS7.8AI score0.69115EPSS
Exploits8References3
cvelist
cvelist
added 2022/05/04 1:6 p.m.28 views

CVE-2022-28090

Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery SSRF via /cmscp/ext/collect/fetchurl.do?url=...

6.9AI score0.01032EPSS
Exploits1References1
nvd
nvd
added 2014/11/17 4:59 p.m.22 views

CVE-2014-8517

The fetchurl function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | pipe character at the end of an HTTP redirect...

7.5CVSS7.4AI score0.69115EPSS
Exploits8References10
osv
osv
added 2014/11/17 4:59 p.m.4 views

DEBIAN-CVE-2014-8517

The fetchurl function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | pipe character at the end of an HTTP redirect...

7.5CVSS7.8AI score0.69115EPSS
Exploits8References1
ubuntucve
ubuntucve
added 2014/11/17 4:59 p.m.33 views

CVE-2014-8517

The fetchurl function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | pipe character at the end of an HTTP redirect...

7.5CVSS6.2AI score0.69115EPSS
Exploits8References2
cve
cve
added 2014/11/17 4:0 p.m.114 views

CVE-2014-8517

CVE-2014-8517 affects tnftp’s ftp(1) client, where handling of HTTP URIs can cause arbitrary command execution when the redirected filename ends with a pipe character. The NetBSD/tnftp fetch_url code path parses the last segment after redirects as the output filename, and if it begins with |, the...

7.5CVSS4.7AI score0.69115EPSS
Exploits8References10Affected Software1
Rows per page
Query Builder