121627 matches found
Improper Input Encoding
Axios is vulnerable to Improper Input Encoding. The vulnerability is due to incorrect character mapping in the encode function, where safely percent-encoded null bytes %00 are converted back to raw null bytes, potentially leading to unsafe request data handling in affected usage scenarios...
CVE-2024-54013 Authentication Bypass
Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the...
CVE-2024-54013
Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the...
EUVD-2024-55560
Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the...
Server-side Request Forgery (SSRF)
Overview @dadigua/hyperchat is a HyperChat Core - Node.js backend and CLI tool with AI chat, MCP support Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch function in the AI Proxy Middleware component when processing the baseurl argument. An attack...
CVE-2026-7234 BrowserOperator browser-operator-core server.js startsWith path traversal
A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/componentserver/server.js. Executing a manipulation of the argument request.url can lead to path traversal. The attack can be launched remotely. The exploit...
EUVD-2026-26001
A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/componentserver/server.js. Executing a manipulation of the argument request.url can lead to path traversal. The attack can be launched remotely. The exploit...
CVE-2026-7221
A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...
CVE-2026-7223 BigSweetPotatoStudio HyperChat AI Proxy Middleware aiProxyMiddleware.mts fetch server-side request forgery
A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...
EUVD-2026-25980
A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...
CVE-2026-7223
CVE-2026-7223 affects BigSweetPotatoStudio HyperChat (up to 2.0.0-alpha.63) in the AI Proxy Middleware, specifically the fetch function in packages/core/src/http/aiProxyMiddleware.mts. The issue results from manipulation of the baseurl argument, enabling server-side request forgery. The attack is...
CVE-2026-7221 TencentCloudBase CloudBase-MCP open-url API Endpoint interactive-server.ts openUrl server-side request forgery
A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...
[SECURITY] Fedora 44 Update: ngtcp2-1.22.1-1.fc44
"Call it TCP/2. One More Time." ngtcp2 project is an effort to implement RFC9000 QUIC protocol...
CVE-2026-30350
An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2026-26150
Server-side request forgery ssrf in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-35901
A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connectio...
[SECURITY] Fedora 42 Update: libcoap-4.3.5b-1.fc42
The Constrained Application Protocol CoAP is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Inter net of Things. The protocol is designed for machine-to-machine M2M applications such as smart energy and building automation. libcoap implements a...
OpenClaw 代码问题漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 had code vulnerabilities. These vulnerabilities stemmed from a server-side request forgery strategy that bypassed security measures. This could allow attackers to trigger...
PT-2026-35747
Name of the Vulnerable Software and Affected Versions Pony Mail Lua implementation affected versions not specified Description Inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, allows for admin account takeover. This occurs when a front-end server and a...
PT-2026-35749
A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a specially crafted request...