Lucene search
K

121627 matches found

Veracode
Veracode
added 2026/04/28 8:13 a.m.7 views

Improper Input Encoding

Axios is vulnerable to Improper Input Encoding. The vulnerability is due to incorrect character mapping in the encode function, where safely percent-encoded null bytes %00 are converted back to raw null bytes, potentially leading to unsafe request data handling in affected usage scenarios...

3.7CVSS5.2AI score0.00217EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/28 7:6 a.m.35 views

CVE-2024-54013 Authentication Bypass

Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the...

8.7CVSS0.00193EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/28 7:6 a.m.4 views

CVE-2024-54013

Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the...

8.7CVSS5.4AI score0.00193EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/28 7:6 a.m.11 views

EUVD-2024-55560

Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the...

8.7CVSS5.3AI score0.00193EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/28 6:30 a.m.25 views

Server-side Request Forgery (SSRF)

Overview @dadigua/hyperchat is a HyperChat Core - Node.js backend and CLI tool with AI chat, MCP support Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch function in the AI Proxy Middleware component when processing the baseurl argument. An attack...

7.5CVSS7.2AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/28 6:15 a.m.30 views

CVE-2026-7234 BrowserOperator browser-operator-core server.js startsWith path traversal

A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/componentserver/server.js. Executing a manipulation of the argument request.url can lead to path traversal. The attack can be launched remotely. The exploit...

7.5CVSS0.00428EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/28 6:15 a.m.6 views

EUVD-2026-26001

A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/componentserver/server.js. Executing a manipulation of the argument request.url can lead to path traversal. The attack can be launched remotely. The exploit...

7.5CVSS5.2AI score0.00428EPSS
Exploits0References5
NVD
NVD
added 2026/04/28 4:16 a.m.4 views

CVE-2026-7221

A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...

7.5CVSS0.00298EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/28 4:0 a.m.3 views

CVE-2026-7223 BigSweetPotatoStudio HyperChat AI Proxy Middleware aiProxyMiddleware.mts fetch server-side request forgery

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.5CVSS7.1AI score0.00278EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/28 4:0 a.m.3 views

EUVD-2026-25980

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.5CVSS7.1AI score0.00278EPSS
Exploits0References5
CVE
CVE
added 2026/04/28 4:0 a.m.14 views

CVE-2026-7223

CVE-2026-7223 affects BigSweetPotatoStudio HyperChat (up to 2.0.0-alpha.63) in the AI Proxy Middleware, specifically the fetch function in packages/core/src/http/aiProxyMiddleware.mts. The issue results from manipulation of the baseurl argument, enabling server-side request forgery. The attack is...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/28 3:30 a.m.30 views

CVE-2026-7221 TencentCloudBase CloudBase-MCP open-url API Endpoint interactive-server.ts openUrl server-side request forgery

A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...

7.5CVSS0.00298EPSS
Exploits0References8
Fedora
Fedora
added 2026/04/28 1:35 a.m.8 views

[SECURITY] Fedora 44 Update: ngtcp2-1.22.1-1.fc44

"Call it TCP/2. One More Time." ngtcp2 project is an effort to implement RFC9000 QUIC protocol...

7.5CVSS5.2AI score0.00579EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/04/28 1:22 a.m.4 views

CVE-2026-30350

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/28 1:22 a.m.4 views

CVE-2026-26150

Server-side request forgery ssrf in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network...

10CVSS5.2AI score0.00566EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/28 1:22 a.m.6 views

CVE-2026-35901

A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connectio...

4.4CVSS5.3AI score0.00247EPSS
Exploits1References1
Fedora
Fedora
added 2026/04/28 1:15 a.m.4 views

[SECURITY] Fedora 42 Update: libcoap-4.3.5b-1.fc42

The Constrained Application Protocol CoAP is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Inter net of Things. The protocol is designed for machine-to-machine M2M applications such as smart energy and building automation. libcoap implements a...

9.8CVSS5.2AI score0.00296EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.8 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 had code vulnerabilities. These vulnerabilities stemmed from a server-side request forgery strategy that bypassed security measures. This could allow attackers to trigger...

7.6CVSS5.9AI score0.0021EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.4 views

PT-2026-35747

Name of the Vulnerable Software and Affected Versions Pony Mail Lua implementation affected versions not specified Description Inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, allows for admin account takeover. This occurs when a front-end server and a...

9.8CVSS5.8AI score0.00444EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.6 views

PT-2026-35749

A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a specially crafted request...

7.1CVSS5.3AI score0.00256EPSS
Exploits0References1
Rows per page
Query Builder