35 matches found
New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs
Summary The default SSRF protection configuration did not apply IP filtering to hostnames. With ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/block rules but did not resolve a hostname and validate the resolved IP address. Authenticated users could configure...
CVE-2026-34047 Coolify: WebSocket Endpoint Access Control Flaw Leading to Remote Code Execution
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal WebSocket bootstrap routes did not enforce the expected authorization middleware, allowing an authenticated user to access terminal functionality for resources...
CVE-2026-13819
Out of bounds read in ANGLE in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...
CVE-2026-10900
Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-48238 Open ISES Tickets < 3.44.2 SQL Injection via ajax/mobile_main.php id Parameter
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobilemain.php where the id GET parameter is concatenated into the WHERE clause of a SELECT statement used as a ticket-existence sanity check without sanitization. Authenticated attackers can craft requests that alter...
CVE-2024-13971 Arbitrary File Read and Server Side Request Forgery via XML External Entities in Lobster_pro
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...
CVE-2026-5870
Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-35526
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without...
CVE-2026-4736 Math Issue in No-Chicken/Echo-Mate
Improper Handling of Values vulnerability in No-Chicken Echo-Mate SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules. This vulnerability is associated with program files nftables.H, nftbyteorder.C, nftmeta.C. This issue affects Echo-Mate: before V250329...
CVE-2026-3938
Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
PT-2026-24219
A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the intended buffer, potentially leading to denial of service, or arbitrary code execution...
rustfs 跨站脚本漏洞
RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-alpha.83 contained a cross-site scripting vulnerability. This vulnerability stems from stored-cross-site scripts and could lead to credential leakage and account takeover attacks...
CVE-2026-25221
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery CSRF. The application fails to implement and verify the state parameter during the...
PT-2025-50894
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...
CVE-2025-63562
The CVE describes a vulnerability in Summer Pearl Group Vacation Rental Management Platform prior to version 1.0.2 where server-side authorization is insufficient. Authenticated attackers can manipulate request parameters (e.g., owner or resource id) to call endpoints and perform create, update, ...
CVE-2025-62363
CVE-2025-62363 affects yt-grabber-tui prior to version 1.0-rc. The root cause is a configurable path_to_yt_dlp that lets an attacker with write access to the configuration or the executable’s filesystem location replace yt-dlp or symlink to a malicious binary. When yt-grabber-tui invokes yt-dlp, ...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Sep-2025 Release 1, which stems from improper privilege management and...
CVE-2025-34161
CVE-2025-34161 affects Coolify versions prior to v4.0.0-beta.420.7. A remote code execution flaw exists in the project deployment workflow: authenticated users with low privileges can inject arbitrary shell commands through the Git Repository field during project creation, leading to arbitrary co...
PT-2025-33493 · Plane · Plane
Name of the Vulnerable Software and Affected Versions: Plane versions prior to 0.28.0 Description: Plane is open-source project management software. A stored cross-site scripting XSS vulnerability exists in the description html field. This flaw allows an attacker to inject malicious JavaScript co...
CVE-2024-8031
The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php...