9 matches found
CVE-2026-6604
The CVE-2026-6604 entry affects modelscope agentscope up to version 1.0.18, specifically the Cloud Metadata Endpoint’s _openai_tools.py functions _parse_url, prepare_image, and openai_audio_to_text. The vulnerability arises from manipulating image_url/audio_file_url, enabling server-side request ...
CVE-2026-4964
The vulnerability CVE-2026-4964 affects letta-ai letta 0.16.4, specifically the function _convert_message_create_to_message in letta/helpers/message_helper.py (File URL Handler). It enables server-side request forgery through manipulation of ImageContent, with remote exploitation possible. Public...
CVE-2026-1556 Information disclosure via file URI overwrite in File (Field) Paths
Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hook_node_insert consumers, for example, email attachment...
CVE-2025-9208
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL,...
PT-2024-40438 · Unknown · Htmleditorfield Toolbar
Name of the Vulnerable Software and Affected Versions: HtmlEditorField Toolbar (affected versions not specified). Description: The issue concerns the "Add from URL" functionality, which does not properly sanitize URLs on the server side. Specifically, the HtmlEditorField Toolbar action viewfile is...
CVE-2020-8776
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file...
WordPress Plugin aspose-doc-exporter 1.0 - Arbitrary File Download
Exploit Title: Wordpress aspose-doc-exporter Plugin Arbitrary File Download Vulnerability...
WordPress Aspose Importer / Exporter 1.0 File Download
Exploit Title : Wordpress Aspose Importer & Exporter v1.0 Plugin File Download Vulnerability Exploit Author : Ashiyane Digital Security Team Vendor Homepage: https://wordpress.org/plugins/aspose-importer-exporter/ Download Link :...
java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303)
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in a...