4 matches found
CVE-2026-41171 SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on "Jint" HttpClient
Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery (SSRF) vulnerability due to missing SSRF protection on the Jint HTTP client used by scripting engine functions (getJSON, request, etc.). An authenticate...
GHSA-M7RC-8W7M-R9QR SurrealDB vulnerable to memory exhaustion via nested functions and scripts
In order to prevent DoS situations due to infinite recursions, SurrealDB implements a limit of nested calls for both native functions and embedded JavaScript functions. However, in SurrealDB instances with embedded scripting functions enabled, it was found that this limit can be circumvented by...
Automated analysis of web Trojans: 2 tricks - vulnerability warning - the black bar safety net
Most web Trojans online today are a few sets of fixed code with few changes, including the script code encryption methods, which are almost all interpreted-type encryption. Since the attackers carry out the process of planting Trojans on web pages ("hanging horse"), the automated analysis of web Trojans also...
Aladdin Knowledge Systems eSafe Gateway 3.0 - HTML tag Script-filtering Bypass
Source: https://www.securityfocus.com/bid/2800/info. eSafe Gateway is a security utility used for filtering internet content. It is possible to craft an HTML file that slips through eSafe Gateway's script filtering...