88 matches found
WWBN AVideo 代码问题漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained code vulnerabilities. These vulnerabilities stemmed from the isSSRFSafeURL function in objects/functions.php, which had a short-circuit syntax within the same...
CVE-2026-39974
n8n-MCP is a Model Context Protocol MCP server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to iss...
PT-2026-30739
Name of the Vulnerable Software and Affected Versions Open edX Platform affected versions not specified Description The Open edX Platform allows for the creation and delivery of online learning content. The view survey API endpoint is susceptible to an open redirect issue due to the lack of...
GHSA-G39V-QRJ6-JXRH AVideo: IDOR in AI Plugin Allows Stealing Other Users' AI-Generated Metadata and Transcriptions
Summary The AI plugin's save.json.php endpoint loads AI response objects using an attacker-controlled $REQUEST'id' parameter without validating that the AI response belongs to the specified video. An authenticated user with AI permissions can reference any AI response ID — including those generat...
CVE-2026-33911
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter title is reflected back in a JSON response built with jsonencode. Because the response is served with a text/html Content-Type, the browser...
SiYuan has a Full-Read SSRF via /api/network/forwardProxy
Summary The /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to...
CVE-2025-67733
Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...
CVE-2025-67733
Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...
Mattermost fails to properly validate team membership when processing channel mentions
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate team membership when processing channel mentions which allows authenticated users to determine the existence of teams and their URL names via posting channel shortlinks and observing the...
📄 Django Summernote 0.8.20.0 Unrestricted File Upload Scanner
This Metasploit Auxiliary Scanner module detects unrestricted file upload vulnerabilities in django-summernote. It targets misconfigurations where image validation depends on the Pillow library and allows non-image files to be uploaded when Pillow is missing. The module safely scans common upload...
EUVD-2007-3383
Malware in sbrugna...
EUVD-2022-4181
Malicious code in bioql PyPI...
Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc
...
Linux Distros Unpatched Vulnerability : CVE-2019-16779
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would lea...
Linux Distros Unpatched Vulnerability : CVE-2025-32366
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ConnMan through 1.44, parserr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., rdlen=ntohsrr-rdlen and...
SUSE CVE-2025-54956
The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request...
CVE-2025-47711
There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error,...
SUSE CVE-2021-37939
It was discovered that Kibana's JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors, could utilize these connecto...
PT-2025-48535
Name of the Vulnerable Software and Affected Versions python3.9 python3.11 python3.13 Description When reading an HTTP response from a server, if no read amount is specified, the default behavior is to use Content-Length. This allows a malicious server to cause the client to read large amounts of...
BIT-ENVOY-2021-43825 Use-after-free in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered dat...