
26 matches found

OSV
added 2026/02/25 5:25 p.m. · 1 views

CVE-2026-3189

A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be executed remotely. Attacks ...

3.1 CVSS · 5.6 AI score
Exploits 0 · References 7
NVD
added 2026/02/25 5:25 p.m. · 4 views

CVE-2026-3189

A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be executed remotely. Attacks ...

3.1 CVSS · 0.00044 EPSS
Exploits 0 · References 7
Vulnrichment
added 2026/02/25 4:2 p.m. · 3 views

CVE-2026-3189 feiyuchuixue sz-boot-parent download server-side request forgery

A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be executed remotely. Attacks ...

3.1 CVSS · 5 AI score · 0.00044 EPSS
Exploits 0 · References 7
CVE
added 2026/02/25 4:2 p.m. · 7 views

CVE-2026-3189

Feiyuchuixue sz-boot-parent up to 1.3.2-beta contains a server-side request forgery (SSRF) via the url parameter in the /api/admin/common/files/download endpoint. The issue can be exploited remotely and stems from inadequate validation; upgrade to 1.3.3-beta. The patch aefaabfd7527188bfba3c8c9eee...

3.1 CVSS · 5 AI score · 0.00044 EPSS
Exploits 0 · References 7
Positive Technologies
added 2026/02/25 12:0 a.m. · 3 views

PT-2026-21944

Name of the Vulnerable Software and Affected Versions: feiyuchuixue sz-boot-parent versions through 1.3.2-beta. Description: A weakness exists in feiyuchuixue sz-boot-parent up to version 1.3.2-beta. This issue affects unknown code within the /api/admin/common/files/download file. Manipulation of th...

3.1 CVSS · 5.9 AI score · 0.00044 EPSS
Exploits 0 · References 10
Tenable Nessus
added 2025/08/25 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-6360

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and...

8.8 CVSS · 8.3 AI score · 0.01075 EPSS
Exploits 1 · References 2
RedhatCVE
added 2025/05/02 10:15 p.m. · 10 views

CVE-2023-37535

Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allows script injection through query parameters...

7.1 CVSS · 7.5 AI score · 0.00182 EPSS
Exploits 0 · References 3
OSV
added 2025/04/30 10:15 p.m. · 1 views

CVE-2023-37535

Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allows script injection through query parameters...

6.1 CVSS · 5.8 AI score · 0.00182 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/04/30 9:12 p.m. · 6 views

CVE-2023-37535 HCL Domino Volt and Domino Leap are affected by a Cross-site scripting (XSS) vulnerability

Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allows script injection through query parameters...

7.1 CVSS · 7.5 AI score · 0.00182 EPSS
Exploits 0 · References 1
Cvelist
added 2025/04/30 9:12 p.m. · 13 views

CVE-2023-37535 HCL Domino Volt and Domino Leap are affected by a Cross-site scripting (XSS) vulnerability

Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allows script injection through query parameters...

7.1 CVSS · 0.00182 EPSS
Exploits 0 · References 1
NVD
added 2025/04/24 5:15 p.m. · 9 views

CVE-2023-37534

Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters...

7.1 CVSS · 0.00389 EPSS
Exploits 0 · References 1
Cvelist
added 2025/04/24 4:27 p.m. · 17 views

CVE-2023-37534 HCL Leap is affected by a Cross-site scripting (XSS) vulnerability

Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters...

7.1 CVSS · 0.00389 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/04/24 4:27 p.m. · 8 views

CVE-2023-37534 HCL Leap is affected by a Cross-site scripting (XSS) vulnerability

Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters...

7.1 CVSS · 7.5 AI score · 0.00389 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/04/24 12:0 a.m. · 3 views

PT-2025-17842 · Hcl · Hcl Leap

Name of the Vulnerable Software and Affected Versions: HCL Leap affected versions not specified Description: The issue is related to an insufficient URI protocol whitelist, which allows script injection through query parameters. Recommendations: At the moment, there is no information about a newe...

7.1 CVSS · 6.3 AI score · 0.00389 EPSS
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 4:30 a.m. · 1 views

SUSE CVE-2018-6360

mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an av://lavfi:ladspa=file= UR...

8.8 CVSS · 7.6 AI score · 0.01075 EPSS
Exploits 1 · References 3
Gentoo Linux
added 2018/05/14 12:0 a.m. · 392 views

mpv: Remote code execution

Background: Video player based on MPlayer/mplayer2. Description: A vulnerability was discovered in mpv with the handling of HTML documents containing VIDEO elements. Additionally, mpv accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. Impact: A remote...

8.8 CVSS · 2.6 AI score · 0.01075 EPSS
Exploits 1
Tenable Nessus
added 2018/02/20 12:0 a.m. · 30 views

openSUSE Security Update : mpv (openSUSE-2018-173)

This update for mpv fixes the following issues: MPV was updated to version 0.27.2. Security issues fixed: - CVE-2018-6360: Additional fix for where mpv allowed remote attackers to execute arbitrary code via a crafted website, because it read HTML documents containing VIDEO elements, and accepts...

8.8 CVSS · 8.3 AI score · 0.01075 EPSS
Exploits 1 · References 3
ArchLinux
added 2018/02/13 12:0 a.m. · 22 views

[ASA-201802-7] mpv: arbitrary code execution

Arch Linux Security Advisory ASA-201802-7
Severity: High
Date: 2018-02-13
CVE-ID: CVE-2018-6360
Package: mpv
Type: arbitrary code execution
Remote: Yes
Link: https://security.archlinux.org/AVG-605
Summary: The package mpv before version...

8.8 CVSS · 1.8 AI score · 0.01075 EPSS
Exploits 1 · References 5
Tenable Nessus
added 2018/02/12 12:0 a.m. · 25 views

FreeBSD : mpv -- arbitrary code execution via crafted website (3ee6e521-0d32-11e8-99b0-d017c2987f9a)

mpv developers report: mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted website, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an...

8.8 CVSS · 8.2 AI score · 0.01075 EPSS
Exploits 1 · References 3
OSV
added 2018/01/28 2:29 a.m. · 20 views

CVE-2018-6360

mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an av://lavfi:ladspa=file= UR...

8.8 CVSS · 7.8 AI score
Exploits 0 · References 4