15334 matches found
BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery
Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in the BrightSign digital signage media player affecting the Diagnostic Web Server DWS. The application parses user supplied data in the 'url' GET parameter to construct a diagnostics request to the Download Speed Test service...
CVE-2026-52840 Easy!Appointments has server-side request forgery in CalDAV connection test that exposes the deployment's internal network
Easy!Appointments is a self hosted appointment scheduler. In versions prior to 1.6.0, Caldav::connecttoserver at application/controllers/Caldav.php:60 hands the request's caldavurl to a Guzzle REPORT call without scheme or host validation. A logged-in backend user admin, provider, or secretary...
CVE-2026-52840
Affected software: Easy!Appointments (self-hosted) prior to 1.6.0. Vulnerability: Server-Side Request Forgery (SSRF) in the CalDAV connection test. In Caldav::connect_to_server (application/controllers/Caldav.php:60), the request’s caldav_url is handed to a Guzzle REPORT call without proper schem...
Malicious code in flick-test-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67f05e70375ac31032fb4fc3abf302d1c1122bf01504f810aa74d9fe59066d36 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-10522 Malicious code in flick-test-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67f05e70375ac31032fb4fc3abf302d1c1122bf01504f810aa74d9fe59066d36 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-10220 Malicious code in @jplopezy/connectivity-test-do-not-install (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94a8451d9e6d0f50b066cc79da664b4ec909dc1fb835c39f938b5a58dd9f8ad5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @jplopezy/connectivity-test-do-not-install (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94a8451d9e6d0f50b066cc79da664b4ec909dc1fb835c39f938b5a58dd9f8ad5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
LiteLLM - Command Injection
A critical unauthenticated remote code execution vulnerability exists in LiteLLM due to improper input handling in the MCP stdio test endpoint. An attacker can send a specially crafted request to the /mcp-rest/test/connection endpoint with controlled parameters, resulting in arbitrary command...
CVE-2026-15501
A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.testmcpconnection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The manipulation of the argument mcpserverconfig.url leads to...
CVE-2026-15501 AstrBotDevs AstrBot MCP Test Endpoint tools.py ToolsRoute.test_mcp_connection server-side request forgery
A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.testmcpconnection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The manipulation of the argument mcpserverconfig.url leads to...
CVE-2026-15501
CVE-2026-15501 affects AstrBot (up to version 4.25.2). The vulnerability is in the function ToolsRoute.test_mcp_connection (astrbot/dashboard/routes/tools.py, MCP Test Endpoint), where manipulating mcp_server_config.url leads to server-side request forgery (SSRF). The attack is remotely exploitab...
EUVD-2026-43237
A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.testmcpconnection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The manipulation of the argument mcpserverconfig.url leads to...
CVE-2026-56252
Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped credentials can trigger signed outbound webhook deliveries for arbitrary organization webhooks...
CVE-2026-56252 Capgo - Scope Isolation Failure in Webhook Test Endpoint
Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped credentials can trigger signed outbound webhook deliveries for arbitrary organization webhooks...
EUVD-2026-43225
Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped credentials can trigger signed outbound webhook deliveries for arbitrary organization webhooks...
CVE-2026-56252
Capgo before 12.128.2 is affected by a scope isolation vulnerability in the POST /webhooks/test endpoint. The issue allows app-scoped API keys to invoke organization-scoped webhook operations, enabling attackers with app-scoped credentials to trigger signed outbound webhook deliveries for arbitra...
CVE-2026-15481 Trendnet TEW-635BRM IPoA WAN Connection Setup rc ipoa_test command injection
A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoatest of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing a manipulation of the argument ipoaipaddr results in command injection. The attack is possible to ...
EUVD-2026-43203
A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoatest of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing a manipulation of the argument ipoaipaddr results in command injection. The attack is possible to ...
CVE-2026-15481
The CVE-2026-15481 affects Trendnet TEW-635BRM firmware up to 1.00.03, specifically the IPoA WAN Connection Setup component’s /sbin/rc function ipoa_test. A manipulation of the ipoa_ipaddr argument enables remote command injection, with network access as the attack vector and no user interaction ...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python3.11: python3.11-3.11.15-5.2.hum1 aarch64, x8664 python3.11-debug-3.11.15-5.2.hum1 aarch64, x8664 python3.11-devel-3.11.15-5.2.hum1 aarch64, x8664 python3.11-idle-3.11.15-5.2.hum1 aarch64,...