7 matches found
Exploit for Improper Access Control in Nodejs Node.Js
CVE-2026-21636 - Node.js Permission Model UDS/Network Bypass...
EUVD-2022-34599
Malicious code in bioql PyPI...
marimo vulnerable to proxy abuse of /mpl/{port}/
Summary The /mpl// endpoint, which is accessible without authentication on default Marimo installations allows for external attackers to reach internal services and arbitrary ports. Details From our understanding, this route is used internally to provide access to interactive matplotlib...
CVE-2025-2828
CVE-2025-2828 describes an SSRF flaw in the RequestsToolkit of langchain-ai/langchain (langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) affecting version 0.0.27. The vulnerability arises from insufficiently restricted requests to remote internet addresses, enabling an attacker ...
Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify
Summary This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms, and forcing the victim’s server into an infinite loop causing Denial of Service. Moreover,...
CVE-2022-30613
IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366...
CVE-2019-13069
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service...