16 matches found

RedhatCVE
added 2026/01/09 9:56 a.m., 4 views

CVE-2020-12725

Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding...

CVSS 7.2, AI score 6.7, EPSS 0.00746
Exploits: 1, References: 1
Vulnrichment
added 2026/01/08 5:10 p.m., 2 views

CVE-2026-22230 OPEXUS eCASE Audit incorrect access control

OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0...

CVSS 7.6, AI score 6.4, EPSS 0.00023
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-2949

Malware in sbrugna...

CVSS 4.3, AI score 4.9, EPSS 0.00147
Exploits: 1, References: 3
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-11073

Malware in sbrugna...

CVSS 8.8, AI score 8.5, EPSS 0.00109
Exploits: 1, References: 3
RedhatCVE
added 2025/03/22 11:39 a.m., 4 views

CVE-2024-11603

A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the /queue/join? endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal...

CVSS 7.5, AI score 6.8, EPSS 0.00253
Exploits: 1, References: 1
NVD
added 2024/06/12 5:15 p.m., 14 views

CVE-2024-37037

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an authenticated user with access to the device's web interface to corrupt files and impact device functionality when sending a crafted HTTP request...

CVSS 8.1, EPSS 0.00941
Exploits: 0, References: 1
NVD
added 2024/04/09 7:15 p.m., 12 views

CVE-2024-2918

Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafted request...

CVSS 3.6, AI score 6.4, EPSS 0.00141
Exploits: 0, References: 1
GithubExploit
added 2024/03/17 9:15 a.m., 417 views

Exploit for Out-of-bounds Write in Fortinet Fortiproxy

🇮🇱 BringThemHome NeverAgainIsNow 🇮🇱 We demand the...

CVSS 9.8, AI score 8.2, EPSS 0.92522
Exploits: 10
NVD
added 2024/03/14 9:15 p.m., 14 views

CVE-2024-0860

The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests...

CVSS 8, AI score 7.6, EPSS 0.00031
Exploits: 0, References: 1
Prion
added 2023/07/13 2:15 a.m., 12 views

Command injection

Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and...

CVSS 5.2, AI score 8.1, EPSS 0.00435
Exploits: 0, References: 3, Affected Software: 2
Prion
added 2022/06/24 8:15 a.m., 9 views

Design/Logic Flaw

Multiple CODESYS products are affected by a buffer overflow. A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User Interaction is not required...

CVSS 4, AI score 6.5, EPSS 0.00333
Exploits: 0, References: 1, Affected Software: 2
RubySec
added 2020/08/04 12:0 a.m., 18 views

Ability to change order address without triggering address validations in solidus

Impact: This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zo...

CVSS 5.3, EPSS 0.00206
Exploits: 1, References: 1, Affected Software: 1
Hacker One
added 2020/02/23 4:49 a.m., 20 views

InnoGames: Create any military unit in any age

Summary of the Issue: It's possible to create a sniperbot unit in the bronze age by sending a crafted request to xs1.forgeofempires.com/game/json endpoint. Steps to reproduce: 1. Login to https://xs1.forgeofempires.com with Chrome browser while observing network tab. 2. Open the poc20200227.html F7304...

AI score 0.4
Exploits: 0
Prion
added 2017/10/16 9:29 p.m., 9 views

Information disclosure

An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files...

CVSS 5, AI score 6.8, EPSS 0.00291
Exploits: 0, References: 2, Affected Software: 2
NVD
added 2015/12/15 5:59 a.m., 9 views

CVE-2015-6399

The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.09 allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286...

CVSS 6.8, AI score 6.2, EPSS 0.00659
Exploits: 0, References: 4
Kitploit
added 2014/07/01 7:15 p.m., 9 views

OAuth Request Crafter - Tool that helps you to play with OAuth signature protected URLs

OAuth Request Crafter is a tool that helps you to play with OAuth signature protected URLs. Features: Support GET, POST, PUT and DELETE; Proxy the Request; Tamper URL, Parameters & Headers on the GO; Add additional Headers and Cookie. Why? When dealing with OAuth signature protected URLs, For tampering...

AI score 7.2
Exploits: 0, References: 1