5 matches found
PT-2026-55524
Name of the Vulnerable Software and Affected Versions Eclipse Theia versions 1.26.0 and later Description The backend /services/request-service RPC accepts a URL controlled by an attacker from any client connected to the standard /services messaging endpoint. The server performs the HTTP request...
CVE-2025-59344
AliasVault API <= 0.23.0 is affected by an SSRF in the favicon extraction flow. The extractor fetches a user-supplied URL, parses HTML, and follows . It validates the initial URL to HTTP(S) default ports but follows redirects and does not block loopback/internal IP ranges, allowing an authenti...
Traefik Missing Authentication
Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable...
FreeBSD : froxlor -- database password information leak (9ee72858-4159-11e5-93ad-002590263bf5)
[email protected] reports : An unauthenticated remote attacker is able to get the database password via webaccess due to wrong file permissions of the /logs/ folder in froxlor version 0.9.33.1 and earlier. The plain SQL password and username may be stored in the /logs/sql-error.log file...
froxlor -- database password information leak
[email protected] reports: An unauthenticated remote attacker is able to get the database password via webaccess due to wrong file permissions of the /logs/ folder in froxlor version 0.9.33.1 and earlier. The plain SQL password and username may be stored in the /logs/sql-error.log file...