10 matches found
PT-2026-41689
Name of the Vulnerable Software and Affected Versions Neotoma versions 0.6.0 through 0.11.0 Description Neotoma can treat public reverse-proxied requests as local when the application receives them over a loopback socket and no Bearer token is present. This occurs in deployments behind a reverse...
OpenClaw 访问控制错误漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that is caused by a failure to properly handle authentication boot errors during startup. An attacker can exploit the vulnerability to cause a local process or...
EUVD-2025-112799
Malicious code in hermes-css-minimizer-webpack-plugin-local-request npm...
Rockwell Automation Studio 5000 Simulation Interface 安全漏洞
Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. The Rockwell Automation Studio 5000 Simulation Interface suffers from a server-side request forgery vulnerability that stems from the server not implementing sufficient authentication...
EUVD-2025-35686
Vilar VS-IPC1002 IP cameras are vulnerable to DoS Denial-of-Service attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required. The vendor did not...
ASUS System Control Interface 安全漏洞
ASUS System Control Interface is a computer system control interface from Asus China. A security vulnerability exists in ASUS System Control Interface that originates from a double release triggered when sending a specially crafted local RPC request, which could lead to a service crash and memory...
CVE-2024-8042
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...
CVE-2024-21643 Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the SignedHttpRequestprotocol or the SignedHttpRequestValidatoris vulnerable. Microsoft.IdentityModel trusts the jkuclaim...
Embedthis Software GoAhead Request Replay Attack Vulnerability
Embedthis Software GoAhead is an embedded Web server from Embedthis Software, USA. A request replay attack vulnerability exists in Embedthis Software GoAhead versions prior to 5.1.2, which stems from GoAhead's failure to properly handle nonce values during Digest authentication, and can be...
Adobe Reader PDF Local Request Injection Vulnerability
Adobe reader is a popular application for working with PDF files. A local request injection vulnerability exists in Adobe Reader PDF. An attacker can exploit this vulnerability to obtain sensitive information...