2 matches found
GHSA-G23J-2VWM-5C25 local-deep-research has an SSRF bypass in `safe_get`
Summary The URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. Details The current project uses validateurl to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by...
CVE-2025-60700
CVE-2025-60700 (D-Link DIR-882) affects DIR-882 routers running DIR882A1_FW102B02 and later?in the provided docs, the vulnerability lies in prog.cgi and librcm.so. The sub_4455BC function stores user-supplied SetDMZSettings/IPAddress values in NVRAM then DMZ_run reads them, concatenates them into...