110 matches found
CVE-2021-27371
The Contact page in Monica 2.19.1 allows stored XSS via the Description field...
CVE-2021-27559
The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field...
CVE-2026-26747
A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP Host header in app/Providers/AppServiceProvider.php, combined with the default misconfiguration where the "app.forceurl" is not set and default is "false". The application generates absolute URLs suc...
CVE-2026-26747
Monica 4.1.2 is affected by a Host Header Poisoning issue caused by improper handling of the HTTP Host header in app/Providers/AppServiceProvider.php, compounded by the default app.force_url being unset/false. The app constructs absolute URLs (e.g., password reset links) using the user-supplied H...
PT-2026-21270
Name of the Vulnerable Software and Affected Versions: Monica version 4.1.2. Description: A Host Header Poisoning issue exists due to improper handling of the HTTP Host header in the file app/Providers/AppServiceProvider.php. This is combined with a default misconfiguration where app.force url is no...
Monica security vulnerability
Monica is an AI assistant of the Monica company. Version 4.1.2 of Monica contains a security vulnerability, which stems from improper handling of HTTP headers, potentially leading to header poisoning attacks...
EUVD-2021-14310
Malware in sbrugna...
EUVD-2021-14127
Malware in sbrugna...
EUVD-2020-23323
Malware in sbrugna...
EUVD-2021-14129
Malware in sbrugna...
EUVD-2021-14126
Malware in sbrugna...
EUVD-2021-14128
Malware in sbrugna...
EUVD-2024-52715
Malicious code in bioql PyPI...
CVE-2024-45989
Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the user's sensitive chat data of the current session to a malicious...
CVE-2024-48140
A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message...