Malicious code in request-js-validator (npm)
Copy of 'request' library with injected payload. Spawns detached child process that fetches stage-2 and executes via new Function.constructor'require', payload. Same pattern as express-session-js. Source: amazon-inspector...
[SECURITY] Fedora 44 Update: cpp-httplib-0.37.1-2.fc44
A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include the httplib.h file in your code!...
[SECURITY] Fedora 41 Update: libsoup3-3.6.5-2.fc41
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...
CVE-2025-31490 AutoGPT allows SSRF due to DNS Rebinding in requests wrapper
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows SSRF due to DNS Rebinding in requests wrapper. AutoGPT is built with a wrapper around Python's requests library, hardenin...
Elementor Website Builder < 3.12.2 SQL injection Exploit
Elementor Website Builder versions prior to 3.12.2 suffer from a remote SQL injection vulnerability. EXPLOIT Elementor Website Builder Replace URL page. On the Replace URL page, enter any random string as the "New URL" and the following malicious payload as the "Old URL": code :...
Exploit for Improper Access Control in Ruijie Rg-Ew1200G_Firmware
Ruijie-RG-EW1200G CVE-2023-4169 CVE-2023-3306 CVE-2023-4415 1...
UBUNTU-CVE-2023-28155
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
A vulnerability in Guzzle, an HTTP client library for PHP, stems from improperly implemented security checks for standard elements, allowing attackers to disclose sensitive information.
A vulnerability in Guzzle, an HTTP client library for PHP, is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information...
PYSEC-2022-43066
The AAmiles package in PyPI v0.1.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...
got security vulnerability
got is a user-friendly and powerful HTTP request library for Node.js. A security vulnerability exists in versions of got prior to 12.1.0 that originates from allowing redirection to UNIX sockets...
cn.acooly:acooly-auth-google-authenticator (=5.2.1), cn.acooly:acooly-auth-parent (=5.2.1) +238 more potentially affected by CVE-2019-1010206 via com.github.kevinsawicki:http-request (>=0.6 <=6.0)
com.github.kevinsawicki:http-request MAVEN version =0.6, =6.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.github.kevinsawicki:http-request and may be impacted: - cn.acooly:acooly-auth-google-authenticator =5.2.1 - cn.acooly:acooly-auth-parent...
@hola.org/har-validator (=2.0.6-hola.1), @hola.org/request (>=2.67.0-hola.5 <=2.67.0-hola.6) +46 more potentially affected by CVE-2018-1107 via is-my-json-valid (>=2.10.1 <=2.17.1)
is-my-json-valid NPM version =2.10.1, =2.67.0-hola.5, =2.67.0-lum.3, =1.0.1, =1.2.0, =1.0.0, =0.4.0, =1.0.0, =0.4.1, =0.0.1, =0.0.10 - fsa-creator =0.1.1 - geojsonvalidator =0.0.1 and more Source cves: CVE-2018-1107 Source advisory: OSV:GHSA-4HPF-3WQ7-5RPR...
[SECURITY] [DSA 4541-1] libapreq2 security update
Debian Security Advisory DSA-4541-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 04, 2019 https://www.debian.org/security/faq -...
Rails 5.2.1 - Arbitrary File Content Disclosure Exploit
Exploit for multiple platform in category web applications ''' Exploit Title: File Content Disclosure on Rails Date: CVE disclosed 3/16 today's date is 3/20 Exploit Author: NotoriousRebel Vendor Homepage: https://rubyonrails.org/ Software Link: https://github.com/rails/rails Version: Versions...
There are unspecified vulnerabilities in Request
Request is an HTTP request client library. A security vulnerability exists in Request versions 2.2.6 through 2.47.0 and 2.51.0 through 2.67.0. An attacker could exploit this vulnerability to disclose local system memory...
CVE-2017-16026
Request is an http client. If a request is made using multipart, and the body type is a number, then the specified number of non-zero memory is passed in the body. This affects Request =2.2.6 2.51.0 =2.67.0...
PT-2018-6057
Name of the Vulnerable Software and Affected Versions: Request versions 2.2.6 through 2.46.9 Request versions 2.51.0 through 2.67.0 Description: The issue affects the Request library when a multipart request is made and the body type is a number. In such cases, a buffer of the specified size is...
ClipperCMS 1.3.0 - Code Execution
ClipperCMS 1.3.0 - Code Execution !/usr/local/bin/python Exploit for ClipperCMS 1.3.0 Code Execution vulnerability An account is required with rights to file upload eg a user in the Admin, Publisher, or Editor role The server must parse htaccess files for this exploit to work. Curesec GmbH...