3 matches found
CVE-2026-32111
ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network...
PT-2024-34862 · Unknown · Gopi.R Twitter Plugin
Name of the Vulnerable Software and Affected Versions: Gopi.R Twitter Plugin versions prior to 7.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS in the Twitter real-time searc...
OpenProject Session Hijacking Vulnerability
OpenProject is an open source Web-based project management software . The software has project planning , task management , bug tracking and cost budgeting and other functions . A session hijacking vulnerability exists in OpenProject versions prior to 6.1.6 and 7.x versions prior to 7.0.3, which...