Lucene search
K

11 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-3478

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00201EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6821

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00534EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2025/05/31 1:31 a.m.5 views

SUSE CVE-2024-12224

Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname...

4.2CVSS6.9AI score0.00201EPSS
Exploits1References29
NVD
NVD
added 2025/05/30 2:15 a.m.9 views

CVE-2024-12224

Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname...

8.8CVSS0.00201EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/03/22 12:39 p.m.9 views

CVE-2025-0454

A Server-Side Request Forgery SSRF vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the urlparse function from the urllib.parse library and the requests library. A malicious...

7.5CVSS6.9AI score0.00534EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.23 views

CVE-2025-0454

A Server-Side Request Forgery SSRF vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the urlparse function from the urllib.parse library and the requests library. A malicious...

7.5CVSS0.00534EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:11 a.m.7 views

CVE-2025-0454 SSRF Check Bypass in Requests Utility in significant-gravitas/autogpt

A Server-Side Request Forgery SSRF vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the urlparse function from the urllib.parse library and the requests library. A malicious...

7.5CVSS7AI score0.00534EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.9 views

CVE-2025-0454 SSRF Check Bypass in Requests Utility in significant-gravitas/autogpt

A Server-Side Request Forgery SSRF vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the urlparse function from the urllib.parse library and the requests library. A malicious...

7.5CVSS7.6AI score0.00534EPSS
Exploits1References2
CVE
CVE
added 2025/03/20 10:11 a.m.61 views

CVE-2025-0454

The CVE-2025-0454 entry corresponds to a Server-Side Request Forgery (SSRF) in significant-gravitas/autogpt prior to v0.4.0. The root cause is a hostname confusion between urllib.parse.urlparse and the requests library, allowing a crafted URL (for example, http://localhost:@google.com/../) to byp...

7.5CVSS7.5AI score0.00534EPSS
Exploits1References2Affected Software1
Huntr
Huntr
added 2024/12/04 7:28 p.m.7 views

SSRF check bypass in Requests utility

Description The autogpt application relies on a wrapper around the requests library in order to avoid SSRF attacks performing a check on the provided URL. Such check is performed using the urlparse function from urllib.parse library, and the request is later performed using the requests library...

7.5CVSS7.7AI score0.00534EPSS
Exploits1
OSV
OSV
added 2022/06/28 12:1 a.m.9 views

GHSA-4P35-CFCX-8653 Hostname confusion in parse-url

Exposure of Sensitive Information to an Unauthorized Actor via hostname confusion in GitHub repository ionicabizau/parse-url prior to 6.0.1...

7.5CVSS5.9AI score0.01104EPSS
Exploits1References3
Rows per page
Query Builder