43 matches found
CVE-2026-31941
Chamilo LMS prior to versions 1.11.38 and 2.0.0-RC.3 is affected by a Server-Side Request Forgery (SSRF) in the Social Wall feature. The read_url_with_open_graph endpoint accepts a user-supplied URL via the social_wall_new_msg_main POST parameter and performs two server-side HTTP requests without...
CVE-2017-18882
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data...
CVE-2019-20880
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph...
EUVD-2017-8262
Malware in sbrugna...
EUVD-2019-11417
Malware in sbrugna...
EUVD-2017-9972
Malware in sbrugna...
EUVD-2023-57647
Malicious code in bioql PyPI...
CVE-2023-5330
Mattermost fails to enforce a limit on the size of the cache entry for OpenGraph data, allowing an attacker to send a specially crafted request to /api/v4/opengraph, filling the cache and making the server unavailable...
BIT-MATTERMOST-2023-5330
Mattermost fails to enforce a limit on the size of the cache entry for OpenGraph data, allowing an attacker to send a specially crafted request to /api/v4/opengraph, filling the cache and making the server unavailable...
CVE-2023-48728
A cross-site scripting (XSS) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this...
Denial Of Service Attack
Mattermost is vulnerable to Denial of Service (DoS). The vulnerability is due to the OpenGraph functionality in the server/channels/api4/openGraph.go file of the Mattermost server. This allows an attacker to exploit it by sending numerous requests to the /api/v4/opengraph endpoint, causing...
CVE-2023-5330
Mattermost fails to enforce a limit on the size of the cache entry for OpenGraph data, allowing an attacker to send a specially crafted request to /api/v4/opengraph, filling the cache and making the server unavailable...
Design/Logic Flaw
Mattermost fails to enforce a limit on the size of the cache entry for OpenGraph data, allowing an attacker to send a specially crafted request to /api/v4/opengraph, filling the cache and making the server unavailable...
CVE-2023-5330 Denial of Service via Opengraph Data Cache
Mattermost fails to enforce a limit on the size of the cache entry for OpenGraph data, allowing an attacker to send a specially crafted request to /api/v4/opengraph, filling the cache and making the server unavailable...
CVE-2023-5330
Mattermost is reported vulnerable to a Denial of Service via the OpenGraph cache. The issue stems from failing to enforce a limit on the size of cache entries for OpenGraph data, allowing an attacker to send crafted requests to /api/v4/opengraph that can fill the cache and render the server unava...
PT-2023-32049 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost (affected versions not specified). Description: The issue arises from the failure to enforce a limit for the size of the cache entry for OpenGraph data. This allows an attacker to send a specially crafted request to the...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from a failure to enforce a limit on the size of cache entries when handling the OpenGraph data cache, which allows an attacker to send a...
Artesãos SEOTools Input Validation Error Vulnerability
SEOTools is an Artesãos open source SEO tool for Laravel and Lumen. Artesãos SEOTools before version 0.17.2 has an input validation error vulnerability. The vulnerability stems from a problem in the makeTag function of the file OpenGraph.php; manipulation of the parameter value leads to an open redirect...
LY Corporation: SSRF occurrence in website preview used by LINE Official Account Manager (https://manager.line.biz)
LINE Official Account Manager (https://manager.line.biz) uses PagePoker to provide website previews. The Opengraph image tag target was not properly validated here, so it could point to an internal network resource...