846 matches found
OsTicket < 1.14.3 - Server Side Request Forgery
SSRF vulnerability exists in osTicket before 1.14.3, allowing an attacker to add malicious files to the server or perform port scanning. id: CVE-2020-24881 info: name: OsTicket 1.14.3 - Server Side Request Forgery author: hnd3884 severity: critical description: | SSRF vulnerability exists in...
exploit-scripts
Offensive Security Toolkit ╔═════════════════════════════...
-Web-Attack-Detection-Lab
!Kali Linuxhttps://img.shields.io/badge/KaliLinux-557C94?sty...
Web-Attack-Detection-Lab
!Kali Linuxhttps://img.shields.io/badge/KaliLinux-557C94?sty...
EUVD-2026-36288
Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...
CVE-2026-47170
Garlic-Hub is affected by a CVE-2026-47170 SSRF in the uploadFromUrl endpoint. Prior to version 1.1 , authenticated users could cause the server to issue arbitrary HTTP requests to internal services, enabling internal port scanning, service fingerprinting, and retrieval of internal HTTP responses...
CVE-2026-47170 Garlic-Hub: SSRF vulnerability in uploadFromUrl endpoint
Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...
PT-2026-48709
Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...
Garlic-Hub 代码问题漏洞
Garlic-Hub is an open-source digital signage network device and content management tool developed by GarlicSignage. Versions of Garlic-Hub prior to 1.1 contained code vulnerabilities. These vulnerabilities stemmed from the uploadFromUrl endpoint, which allowed authenticated users to make arbitrar...
bugbounty-toolkit
🎯 Bug Bounty Recon Toolkit Automated recon toolkit for author...
CVE-2026-33234
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogptplatform/backend/backend/blocks/emailblock.py accepts a user-supplied smtpserver string and smtpport integer as...
CVE-2026-40566
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery SSRF vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions fetchtest line 731, sendtest line 682, and imapfolder...
CVE-2026-40500
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...
-CyberPentest-Plugin-Claude-Code
🔐 CyberPentest Plugin — Claude Code Plugin de pentest offen...
web-enumerator
🔍 Web Enumeration & Attack Testing Tool A professional‑grade...
ModuScan
| / | | | /...
PHANTOM
PHANTOM Autonomous Penetration Testing Framework Recon -...
PHANTOM_old
PHANTOM Autonomous Penetration Testing Framework Recon -...
WannaCry-Netscanner
WannaCryNetScanner A simple python scanner to detect vulnerabl...
CVE-2026-39310
Trilium Notes Desktop (Electron) prior to 0.102.2 suffers an authentication bypass in the Clipper API. In versions 0.102.1 and earlier (Desktop v0.101.3), Trilium disables authentication middleware for the Clipper API when running in Electron, exposing endpoints such as /api/clipper/notes to the ...