7 matches found
CVE-2026-41195 mosparo: Rule package source URL stored SSRF enables internal HTTP probing
mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and...
CVE-2026-41195 mosparo: Rule package source URL stored SSRF enables internal HTTP probing
mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and...
CVE-2026-41195
In mosparo, a vulnerability exists prior to version 1.4.13 where a project member with the editor role can abuse the automatic rule package source URL feature to store an attacker-controlled URL that the server fetches. The server follows HTTP/HTTPS redirects and does not restrict private or loop...
PT-2026-40450
mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and...
mosparo 代码问题漏洞
Mosparo is a modern spam protection software developed under open source. Versions of Mosparo prior to 1.4.13 had code vulnerabilities. These vulnerabilities stemmed from the automatic rule package source URL feature, which allowed project members with editor roles to store URLs controlled by...
Malicious code in test-rule-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa888ca30e7e2ad22793e2eefd4a5d8529cf876ef40b096470c681371f79f07f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6492 Malicious code in test-rule-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa888ca30e7e2ad22793e2eefd4a5d8529cf876ef40b096470c681371f79f07f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...