EUVD-2020-27365
Malware in sbrugna...
EUVD-2020-27361
Malware in sbrugna...
EUVD-2023-27938
Malicious code in bioql PyPI...
HaxCMS-PHP Command Injection Vulnerability
Summary The 'gitImportSite' functionality obtains a URL string from a POST request and insufficiently validates user input. The 'setremote' function later passes this input into 'proc_open', yielding OS command injection. Details The vulnerability exists in the logic of the 'gitImportSite' functio...
CVE-2020-6215
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection...
CVE-2020-6211
SAP Business Objects Business Intelligence Platform AdminTools, versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability...
CVE-2019-0388
SAP UI5 HTTP Handler corrected in SAPUI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI700 version 2.0 allows an attacker to manipulate content due to insufficient URL validation...
Arbitrary Code Execution (ACE)
Tarteaucitron.js is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to insufficient URL validation, allowing a user with high privileges to input a URL with an insecure scheme, such as javascript:alert, which could lead to arbitrary JavaScript execution when clicked...
Server Side Request Forgery (SSRF)
shopxo/shopxo is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-supplied URLs in the image upload function, allowing attackers to craft requests that the server executes on their behalf...
GHSA-WFXG-V3J4-7QMJ Memos Server-Side Request Forgery (SSRF)
elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery SSRF due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks...
PT-2025-9016 · Elestio · Elestio Memos
Name of the Vulnerable Software and Affected Versions: elestio memos version 0.23.0 Description: The issue is related to Server-Side Request Forgery SSRF due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks. This vulnerability allows attackers to...
CVE-2025-22952
elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery SSRF due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks...
CVE-2024-13888
The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. This is due to insufficient validation on the redirect URL supplied via the 'redirect' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially...
CVE-2025-24868 Open Redirect Vulnerability in SAP HANA extended application services, advanced model (User Account and Authentication Services)
The User Account and Authentication service UAA for SAP HANA extended application services, advanced model SAP HANA XS advanced model allows an unauthenticated attacker to craft a malicious link, that, when clicked by a victim, redirects the browser to a malicious site due to insufficient redirec...
CVE-2024-4084
A Server-Side Request Forgery SSRF vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192, 172...
Gradio < 4.18.0 Vulnerability - CVE-2024-2206
The version of Gradio installed on the remote host is prior to 4.18.0. It is, therefore, affected by an SSRF vulnerability in gradio-app/gradio due to insufficient validation of user-supplied URLs in the /proxy route. Attackers can exploit this vulnerability by manipulating the...
MGASA-2024-0317 Updated python3 packages fix security vulnerabilities
A defect was discovered in the Python 'ssl' module where there is a memory race condition with the ssl.SSLContext methods 'cert_store_stats' and 'get_ca_certs'. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
PT-2024-19175 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: gradio-app/gradio affected versions not specified Description: A vulnerability exists due to insufficient validation of user-supplied URLs in the "/proxy" route. Attackers can exploit this by manipulating the self.replica urls set through the...
CVE-2023-40306 URL Redirection vulnerability in SAP S/4HANA (Manage Catalog Items and Cross-Catalog search)
SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity...
Oracle Linux 7 : libreoffice (ELSA-2020-1151)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1151 advisory. - Resolves: rhbz1743962 CVE-2019-9848 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...