8 matches found
CVE-2026-54753
Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent Access-Control-Allow-Origin: on every response, letting any website a developer visited read the server's responses cross-origin — including...
CVE-2021-47776
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...
CVE-2021-47776
Umbraco CMS v8.14.1 is affected by a server-side request forgery due to improper validation of the baseUrl parameter in dashboard and help endpoints. The vulnerability enables an attacker to force the server to perform unauthorized requests to external hosts via the GetContextHelpForPage, GetRemo...
Tdarr 操作系统命令注入漏洞
Tdarr is a multimedia transcoding automation platform from Tdarr Inc. Tdarr version 2.00.15 suffers from an operating system command injection vulnerability that stems from unauthenticated remote code execution in the Help endpoint, which could lead an attacker to inject and link arbitrary comman...
CVE-2010-20109 Barracuda Spam & Virus Firewall "locale" Path Traversal
Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the viewhelp.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to inject traversal...
CVE-2010-20109
CVE-2010-20109 affects Barracuda Spam & Virus Firewall, SSL VPN, and Web Application Firewall before October 2010. The flaw is a path traversal in the view_help.cgi endpoint caused by improper sanitization of the locale parameter, allowing unauthenticated remote attackers to inject traversal sequ...
PT-2025-34285 · Undefined · Undefined
Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view help.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to inject traversal...
Citrix NetScaler Nitro help/rt/large_search.html Cross-Site Scripting Vulnerability
Citrix NetScaler is a network traffic management product. A cross-site scripting vulnerability in Citrix NetScaler help/rt/largesearch.html allows an attacker to inject malicious script code via the searchQuery parameter...