5908 matches found
GHSA-576C-3J53-R9JJ Gradio vulnerable to SSRF in the path parameter of /queue/join
Impact What kind of vulnerability is it? Who is impacted? This vulnerability relates to Server-Side Request Forgery SSRF in the /queue/join endpoint. Gradio’s asyncsaveurltocache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable...
CVE-2024-47167 SSRF in the path parameter of /queue/join in Gradio
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to Server-Side Request Forgery SSRF in the /queue/join endpoint. Gradio’s asyncsaveurltocache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This...
Exploit for CVE-2024-9441
CVE-2024-9441 Description of the Vulnerability: This code exp...
CVE-2024-47773 Anonymous cache poisoning via XHR requests in Discourse
Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse...
CVE-2024-9622
A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...
CVE-2024-9622
CVE-2024-9622 applies to the resteasy-netty4 library, where improper handling of HTTP requests containing ASCII control characters can trigger the Netty HttpObjectDecoder BAD_MESSAGE state. This causes subsequent legitimate requests on the same connection to be ignored, leading to client timeouts...
CVE-2024-33506
CVE-2024-33506 affects Fortinet FortiManager. Affected: FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below. Issue: exposure of sensitive information to an unauthorized actor via crafted HTTP requests, allowing a remote authenticated attacker assigned to an Administrative Domain (ADOM...
CVE-2024-9622
A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...
PT-2025-2806 · Flxeon · Flxeon
Name of the Vulnerable Software and Affected Versions: FLXEON versions through = 9.3.4 Description: The issue is related to a lack of origin validation in WebSockets, which allows unauthorized HTTPS requests due to insufficient session management. This can be exploited by a remote attacker to...
CVE-2024-41987
The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a...
CVE-2024-41987 Cross-Site Request Forgery (CSRF) vulnerability in TEM Opera Plus FM Family Transmitter
The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a...
CVE-2024-41987
CVE-2024-41987 corresponds to a Cross-Site Request Forgery (CSRF) vulnerability in TEM Opera Plus FM Family Transmitter. Public documentation (CISA ICS advisory and vendor/community reports) confirms the affected product is TEM Opera Plus FM Family Transmitter, specifically version 35.45, with th...
CVE-2024-41987 Cross-Site Request Forgery (CSRF) vulnerability in TEM Opera Plus FM Family Transmitter
The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a...
Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated RCE (cisco-sa-sb-rv34x-rce-7pqFU2e)
According to its self-reported version, Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution is affected by a vulnerability. - A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker...
CVE-2024-20519
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid...
CVE-2024-20518
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid...
CVE-2024-20521 Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid...
CVE-2024-20521
CVE-2024-20521 affects Cisco Small Business RV042, RV042G, RV320, and RV325 routers. The vulnerability arises from improper validation of user-supplied input in the web-based management interface, enabling an authenticated Administrator to execute arbitrary code as root via crafted HTTP requests....
CVE-2024-20520 Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid...
CVE-2024-20520
CVE-2024-20520 affects Cisco Small Business RV042, RV042G, RV320, and RV325 routers. The issue is in the web-based management interface, caused by improper validation of user-supplied input, allowing an authenticated Administrator to execute arbitrary code as root via crafted HTTP requests. Explo...