Lucene search
K

121641 matches found

NVD
NVD
added 2026/03/29 5:16 p.m.5 views

CVE-2026-34005

In Sofia on Xiongmai DVR/NVR AHB7008T-MH-V2 and NBD7024H-P 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol TCP port 34567 request to the NetWork.NetCommon configuration handler, because system is used...

8.8CVSS0.01539EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/29 3:48 p.m.12 views

OpenClaw: Feishu webhook reads and parses unauthenticated request bodies before signature validation

Summary Feishu webhook reads and parses unauthenticated request bodies before signature validation Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Feishu...

7.5CVSS5.9AI score0.00436EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/03/29 3:48 p.m.6 views

Server-side Request Forgery (SSRF)

Overview @openclaw/mattermost is an OpenClaw Mattermost channel plugin Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch process in multiple channel extensions when outbound requests are made to configured base URLs without proper validation. An...

8.8CVSS5.9AI score0.00244EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/29 3:48 p.m.10 views

OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)

Summary SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions Incomplete Fix for CVE-2026-28476 Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24...

8.3CVSS5.9AI score0.00244EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/29 3:23 p.m.3 views

GHSA-W4GP-FJGQ-3Q4G Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies

Summary happy-dom may attach cookies from the current page origin window.location instead of the request target URL when fetch..., credentials: "include" is used. This can leak cookies from origin A to destination B. Details In packages/happy-dom/src/fetch/utilities/FetchRequestHeaderUtility.ts...

7.5CVSS5.8AI score0.00458EPSS
Exploits1References7
GithubExploit
GithubExploit
added 2026/03/29 2:31 p.m.259 views

Exploit for Server-Side Request Forgery in Apache Cxf

Apache CXF XOP Include LFI CVE-2022-46364 Overview This...

9.8CVSS6.7AI score0.0193EPSS
Exploits5
ATTACKERKB
ATTACKERKB
added 2026/03/29 12:44 p.m.4 views

CVE-2026-32972

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only operator.write permission to access admin-only browser profile management routes through browser.request. Attackers can create or modify browser profiles and persist...

7.1CVSS5.9AI score0.00288EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.6 views

PT-2026-28453

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11 Description An authorization bypass exists that allows authenticated operators with operator.write permission to access admin-only browser profile management routes via browser.request. This allows attacker...

7.1CVSS5.9AI score0.00288EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.6 views

CVE-2026-31943

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

8.5CVSS5.9AI score0.00213EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.4 views

CVE-2026-33991

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

8.8CVSS5.9AI score0.00392EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/28 9:45 p.m.1 views

CVE-2026-5016

A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the component URL Handler. Such manipulation of the argument req leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly availabl...

7.5CVSS6.8AI score0.003EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/28 7:16 p.m.7 views

CVE-2025-15604

Amon2 versions before 6.17 for Perl use an insecure randomstring implementation for security functions. In versions 6.06 through 6.16, the randomstring function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 has...

9.8CVSS0.00521EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/03/28 6:28 p.m.4 views

SUSE CVE-2026-2455

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals e.g., ::ffff:127.0.0.1.. Mattermost...

4.3CVSS5.9AI score0.00165EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/28 4:59 p.m.5 views

CVE-2026-33766

WWBN AVideo is an open source video platform. In versions up to and including 26.0, isSSRFSafeURL validates URLs against private/reserved IP ranges before fetching, but urlgetcontents follows HTTP redirects without re-validating the redirect target. An attacker can bypass SSRF protection by...

6.5CVSS5.9AI score0.00233EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/28 4:59 p.m.4 views

CVE-2026-4960

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotel...

9CVSS8AI score0.00773EPSS
Exploits1References1
CVE
CVE
added 2026/03/28 11:58 a.m.11 views

CVE-2018-25221

Affected product: EChat Server 3.1. Vulnerability: Buffer overflow in the chat.ghp endpoint, exploitable by sending a GET request with an oversized username value, leading to remote code execution in the application context. The provided description states that shellcode and ROP gadgets can be us...

9.8CVSS6.8AI score0.00822EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/28 11:58 a.m.3 views

CVE-2018-25221 EChat Server 3.1 Buffer Overflow via chat.ghp username Parameter

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets...

9.8CVSS6.8AI score0.00822EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/28 11:58 a.m.2 views

CVE-2018-25221

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets...

9.8CVSS6.8AI score0.00822EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/28 10:51 a.m.4 views

CVE-2026-22742

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery SSRF vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...

8.6CVSS5.9AI score0.00353EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/03/28 9:39 a.m.35 views

curl: CRLF Injection in HAProxy PROXY Protocol via CURLOPT_HAPROXY_CLIENT_IP allows IP spoofing and protocol injection

Summary: CURLOPTHAPROXYCLIENTIP introduced in curl 8.2.0 accepts arbitrary strings without any validation or sanitization before injecting them into the HAProxy PROXY protocol v1 header. An attacker who can influence the value passed to this option e.g., through a web application that proxies...

6.1AI score
Exploits0
Rows per page
Query Builder