5 matches found
EUVD-2026-42076
NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin...
Incorrect Authorization
Overview org.springframework:spring-webflux is a Spring Framework module that contains support for reactive HTTP and WebSocket clients as well as for reactive server web applications including REST, HTML browser, and WebSocket style interactions. Affected versions of this package are vulnerable t...
Linux Distros Unpatched Vulnerability : CVE-2023-25151
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhtt...
CVE-2023-45142
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
Cross-site Scripting (XSS)
laminas/laminas-diactoros is vulnerable to cross-site scripting. The vulnerability exists in the fromGlobals function in IncomingRequestFactory.php due to insufficient sanitization in the ServerRequest which allows an attacker to modify server request from x forwarded header via the request paylo...