9 matches found
CVE-2026-9304
A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The manipulation results in server-side request forgery. It is possible to launch the attack remotely...
CVE-2026-9304
A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The manipulation results in server-side request forgery. It is possible to launch the attack remotely...
CVE-2026-9304 calcom cal.diy Logo API route.ts validateUrlForSSRF server-side request forgery
A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The manipulation results in server-side request forgery. It is possible to launch the attack remotely...
EUVD-2026-31540
A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The manipulation results in server-side request forgery. It is possible to launch the attack remotely...
CVE-2026-9304 calcom cal.diy Logo API route.ts validateUrlForSSRF server-side request forgery
A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The manipulation results in server-side request forgery. It is possible to launch the attack remotely...
CVE-2026-9304
CVE-2026-9304 describes a server-side request forgery in calcom cal.diy ≤ 4.9.4 . The flaw is in the function validateUrlForSSRF in the file apps/web/app/api/logo/route.ts of the Logo API component. Exploitation can be remote; exploitability is described as difficult. A public exploit exists. The...
cal.diy 代码问题漏洞
cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier have code vulnerabilities. These vulnerabilities stem from the Logo API component file apps/web/app/api/logo/route.ts, specifically the function validateUrlForSSRF, which may lead to...
CVE-2024-3028
mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the 'logofilename' parameter in the 'system-preferences' API endpoint, an attacker can construct requests to read sensitive files or the...
CVE-2024-3028
CVE-2024-3028 affects mintplex-labs/anything-llm. The issue is improper input validation in the system-preferences API where manipulating the logo_filename parameter can cause reading of arbitrary files (including .env) and deletion via remove-logo. Root cause: lack of proper sanitization of user...