Lucene search

16 matches found

CVE
added 2026/04/27 6:15 a.m. | 16 views

CVE-2026-7094

ShadowCloneLabs GlutamateMCPServers contains a server-side request forgery via puppeteer_navigate (src/puppeteer/index.ts). Manipulating the argument url can trigger SSRF from remote, with no disclosed patch version. CVSS estimates range from 4.0 to 3.0/3.1 depending on vector, all indicating med...

CVSS 7.5 | AI score 6.9 | EPSS 0.00085
Exploits: 1 | References: 6 | Affected Software: 1

NVD
added 2026/04/20 5:16 a.m. | 4 views

CVE-2026-6606

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

CVSS 7.5 | EPSS 0.00054
Exploits: 0 | References: 4

EUVD
added 2026/03/16 3:30 p.m. | 1 view

EUVD-2026-12379

Insecure Direct Object Reference IDOR vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/ID/username/thumbAAxAA.jpg' translated as 80x90 and 40x45. Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the profile photos of...

CVSS 6.9 | AI score 5.8 | EPSS 0.00099
Exploits: 0 | References: 2

Cvelist
added 2026/03/16 9:37 a.m. | 24 views

CVE-2026-3111 Multiple vulnerabilities on the Educativa Campus

Insecure Direct Object Reference IDOR vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/ID/username/thumbAAxAA.jpg' translated as 80x90 and 40x45. Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the profile photos of...

CVSS 6.9 | EPSS 0.00099
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/16 9:37 a.m. | 0 views

CVE-2026-3111 Multiple vulnerabilities on the Educativa Campus

Insecure Direct Object Reference IDOR vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/ID/username/thumbAAxAA.jpg' translated as 80x90 and 40x45. Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the profile photos of...

CVSS 6.9 | AI score 5.8 | EPSS 0.00099
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/16 12:00 a.m. | 2 views

PT-2026-25667

Insecure Direct Object Reference IDOR vulnerability in Campus Educativa specifically at the endpoint '/administracion/admin usuarios.cgi?filtro estado=T&wAccion=listado xlsx&wBuscar=&wFiltrar=&wOrden=alta usuario&wid cursoActual=ID' where the data of users enrolled in the course is exported...

CVSS 8.7 | AI score 5.8 | EPSS 0.00099
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 1:58 a.m. | 5 views

CVE-2023-47107

PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users...

CVSS 8.8 | AI score 6.8 | EPSS 0.00283
Exploits: 0 | References: 1

OSV
added 2025/04/08 6:15 a.m. | 1 view

CVE-2025-3412

A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308. Affected is an unknown function of the file 2trainingplatform/train-platform/src/main/java/top/aias/training/controller/InferController.java. The manipulation of the argument url leads to server-side reque...

CVSS 5.3 | AI score 5.4 | EPSS 0.00105
Exploits: 1 | References: 4

NVD
added 2023/03/10 2:15 a.m. | 10 views

CVE-2017-20182

A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file djangoajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to...

CVSS 6.1 | AI score 4.5 | EPSS 0.00269
Exploits: 0 | References: 3

CNNVD
added 2022/10/11 12:00 a.m. | 3 views

SAP Commerce Input Validation Error Vulnerability

SAP Commerce is a set of cloud-based e-commerce platform from Germany's SAP. This product supports sales management, marketing management, order management and operations management. An input validation error vulnerability exists in SAP Commerce versions 1905, 2005, 2105, 2011, and 2205, which ca...

CVSS 8.8 | AI score 6.9 | EPSS 0.00418
Exploits: 0 | References: 4

Prion
added 2021/10/04 6:15 p.m. | 9 views

Design/Logic Flaw

The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL...

CVSS 4.3 | AI score 6.1 | EPSS 0.00306
Exploits: 0 | References: 1

RedHat Linux
added 2020/07/21 2:51 p.m. | 0 views

Mozilla: Information disclosure due to manipulated URL object

The Mozilla Foundation Security Advisory describes this flaw as: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript...

CVSS 6.5 | AI score 7.3 | EPSS 0.0124
Exploits: 0 | References: 5

Prion
added 2019/05/22 12:29 a.m. | 15 views

Design/Logic Flaw

An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the contex...

CVSS 3.5 | AI score 5.4 | EPSS 0.00378
Exploits: 0 | References: 4 | Affected Software: 1

securityvulns
added 2012/09/07 12:00 a.m. | 99 views

[CVE-2012-3373] Apache Wicket XSS vulnerability via manipulated URL parameter

Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 1.4.x and 1.5.x Description: https://wicket.apache.org/2012/09/06/cve-2012-3373.html It is possible to inject JavaScript statements into an ajax link by adding an encoded null byte to a URL pointing to a...

CVSS 4.3 | EPSS 0.01795
Exploits: 0

securityvulns
added 2006/07/29 12:00 a.m. | 43 views

Remote Include Vulnerability ====> in Dr.Jr7 Gallery 3.2 RC1

TitLe : Remote Include Vulnerability ==== in Dr.Jr7 Gallery 3.2 RC1 eXpLoIt : http://target/path/Galleryone/Gallery.php?pic=shell.txt By : R0t-KeY --- s33 u ;...

AI score 0.7
Exploits: 0

Gentoo Linux
added 2005/06/21 12:00 a.m. | 28 views

SquirrelMail: Several XSS vulnerabilities

Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. Description SquirrelMail is vulnerable to several cross-site scripting issues, most reported by Martijn Brinkers. Impact By enticing a user to read a specially-crafted e-mail or using a manipulated...

CVSS 4.3 | AI score 6.2 | EPSS 0.01697
Exploits: 0