404 matches found
CVE-2026-54006
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/v1/calendars/events/eventid/update validates that the caller has write access to the calendar the event currently belongs to, but does not validate the destination calendar...
CVE-2026-8100
CVE-2026-8100 affects Chef 360. The issue arises from improper handling of URL-encoded paths during request processing, allowing an authenticated request to bypass standard access controls and access higher-privilege API endpoints under certain conditions. Impact is deployment/configuration depen...
PT-2026-50803
Name of the Vulnerable Software and Affected Versions Chef 360 versions prior to 1.7.1 Description Improper handling of URL-encoded paths during request processing can allow unauthorized access to protected API endpoints. An authenticated request may bypass standard access controls to gain...
Allocation of Resources Without Limits or Throttling
Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the fetch adapter when finite size limits are configured but not enforced. An attacker can exhaust server resource...
Typebot 安全漏洞
Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained a security vulnerability. This vulnerability stemmed from the fact that HTTP request blocks and code blocks validated the initial request URL using validateHttpReqUrl. However...
ROS-20260507-73-0005
Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...
Improper Validation of Syntactic Correctness of Input
Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...
CVE-2026-32857
Firecrawl version 2.8.0 and prior contain a server-side request forgery SSRF protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attackers can supply an...
CVE-2017-20221
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when...
ROS-20260319-73-0032
Vulnerability in glpi related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow a remote attacker to launch an ssrf attack...
EUVD-2026-12749
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. proto. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...
CVE-2017-20221
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when...
CVE-2017-20221 Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when...
PT-2026-25739
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when...
CVE-2026-20069
A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This...
CVE-2026-20069
A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This...
CVE-2026-20069 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Services Client-Side Request Smuggling Vulnerability
A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This...
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Services Client-Side Request Smuggling Vulnerability
A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This...
Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 环境问题漏洞
Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense are products of Cisco, a US company. Cisco Secure Firewall Adaptive Security Appliance is an enterprise-level firewall software. Cisco Secure Firewall Threat Defense is an integrated firewall platform. Both...
ROS-20260216-73-0025
A vulnerability in the Zabbix IT infrastructure monitoring system is related to insufficient server-side request validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data...