104 matches found
CVE-2026-15508 Helicone ai-gateway AWS Metadata Service service.rs build_target_url server-side request forgery
A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function buildtargeturl of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extractedpathandquery can lead to server-side request forgery...
CVE-2026-15508
Helicone ai-gateway (up to 0.2.0-beta.30) is affected. The flaw is in the AWS Metadata Service component, specifically the build_target_url function in ai-gateway/src/dispatcher/service.rs, where manipulating extracted_path_and_query can trigger server-side request forgery. Exploitation is possib...
CVE-2026-56285
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute valid HMACs for arbitrary URLs. Attackers can retrieve HTTP responses from any host reachable by the server, including...
CVE-2026-30839
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the target URL against private/reserved IP ranges, enabling full-read SSRF. The server response is returned to the caller. This issue has been patched in...
CVE-2026-28415
A flaw was found in Gradio, an open-source Python package. The redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter. A remote attacker can exploit this vulnerability by crafting a malicious URL, leading to an open redirect. This allows the attacker to...
GHSA-PFJF-5GXR-995X Gradio has an Open Redirect in its OAuth Flow
Summary The redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled i.e. apps running on Hugging Face Spaces with...
Open Redirect
Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Open Redirect via the redirecttotarget function in the OAuth flow, which accepts an unvalidated targeturl query parameter. An attacker can redirect...
PYSEC-2026-65
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback...
CVE-2026-28415 Gradio has Open Redirect in OAuth Flow
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback...
CVE-2026-28415 Gradio has Open Redirect in OAuth Flow
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback...
Gradio 输入验证错误漏洞
Gradio is an open-source Python library developed by Google. It provides a user-friendly web interface for demonstrating machine learning models. Prior to version 6.6.0, Gradio had a vulnerability related to input validation. This vulnerability stemmed from the redirecttotarget function in the...
XSS-FINDER
usage python xssscanner.py ╔═════════════════════════════════...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell CVE-2025-55182 PoC Usage bash Interacti...
Snitch-Scan
PoC exploit for XSS vulnerability scanner. The target product/se...
EUVD-2010-0345
Malware in sbrugna...
EUVD-2019-4603
Malware in sbrugna...
EUVD-2021-30465
Malicious code in bioql PyPI...
Exploit for CVE-2024-57378
CVE-2024-57378 How does this detection method work? Thi...
WebArena 注入漏洞
WebArena is web-arena-x open source a code repository for building real web environments with autonomous agents. An injection vulnerability exists in WebArena version 0.2.0 and earlier, which stems from code injection due to incorrect manipulation of the parameter targeturl in the file...
Exploit for Authentication Bypass by Primary Weakness in Crushftp
CrushFTP CVE-2025-31161 Exploit Tool 🔓 Advanced detection an...