CVE-2026-7412

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...

CVE-2026-22905

An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences e.g., /js/../cgi-bin/post.cgi, gaining unauthorized access to protected CGI endpoints and configuration downloads...

(0Day) Schneider Electric EcoStruxure Power Monitoring Expert ExportDataAsXML Server-Side Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the ExportDataAsXML...

PT-2024-39776 · Posthog · Posthog

Name of the Vulnerable Software and Affected Versions: PostHog affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this issue. The specific flaw exists within...

squid: improper input validation may allow a trusted client to perform HTTP request smuggling

A flaw was found in squid. Due to improper validation while parsing the request URI, squid is vulnerable to HTTP request smuggling. This issue could allow a trusted client to perform an HTTP request smuggling attack and access services otherwise forbidden by squid. The highest threat from this...