4 matches found
CVE-2026-45748 Termix Vulnerable to Remote Code Execution via SSH Tunnel Forward Command Injection
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The POST /ssh/tunnel/connect endpoint in Termix prior to version 2.3.2 builds an SSH tunnel command by interpolating user-controlled host record fields endpointIP, endpointUsername,...
EUVD-2023-2851
Malicious code in bioql PyPI...
CVE-2023-46729 Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint
sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has bee...
Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint
Impact An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This could open door for other attack vectors: client-side vulnerabilities: XSS/CSRF in the context of the trusted domain; interaction with...