12 matches found
Oracle Coherence 15.1.1.0.x < 15.1.1.0.3 Multiple Vulnerabilities (June 2026 CPU)
The 15.1.1.0.0 version of Coherence installed on the remote host is affected by multiple vulnerabilities as referenced in the June 2026 CPU advisory. - Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Centralized Third Party Jars. The supported version that is...
HP OfficeJet Pro Security Vulnerability
The HP OfficeJet Pro is a multi-functional all-in-one printer from the American company Hewlett-Packard (HP). The HP OfficeJet Pro has a security vulnerability, which stems from improper configuration of cross-origin resource sharing. This vulnerability may allow unauthorized web access to device...
PT-2025-52632
Name of the Vulnerable Software and Affected Versions: Sharp Display Solutions Media Player MP-01 (affected versions not specified). Description: A critical issue exists in Sharp Display Solutions Media Player MP-01 where a missing authentication check for a critical function allows unauthorized acces...
Minder Security Vulnerability
Minder is an open source platform that helps development teams and the open source community build more secure software and prove to others that the software they build is secure. A security vulnerability exists in Minder that stems from improper content acquisition and could lead to unauthorized...
CVE-2020-29552
An issue was discovered in URVE Build 24.03.2020. By using the internal/pc/vpro.php?mac=0=0=0=0=0%3bpowershell+-c+" substring, it is possible to execute a PowerShell command and redirect its output to a file under the web root...
CVE-2024-11031
In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything API. This vulnerability is exploited through the HotReloadMarkdown翻译中 plugin function, which allows downloading arbitrary web hosts by only checking...
CVE-2024-11030 SSRF in binary-husky/gpt_academic
GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plugin function, which calls the crazy_utils.get_files_from_everything API without proper sanitization. This allows attackers to exploit the vulnerability to abuse the victim GPT Academic...
CVE-2024-9309 SSRF in POST /worker_generate_stream API endpoint in haotian-liu/llava
A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 (LLaVA-1.6). This vulnerability allows attackers to exploit the victim Controller API Server's credentials to perform unauthorized...
CVE-2024-10044
CVE-2024-10044 describes a Server-Side Request Forgery (SSRF) in the lm-sys/fastchat Controller API Server, affecting the POST /worker_generate_stream endpoint. The vulnerability allows an attacker to misuse the controller API server’s credentials to perform unauthorized web actions or access res...
CVE-2022-21266
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications component: Pipeline Manager. Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access...
Oracle Fusion Middleware Input Validation Error Vulnerability (CNVD-2021-33848)
Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collection and other functions. Oracle Fusion Middleware Oracle Outside In Technology Outside In Filters...
Microsoft ASP.NET 1.x - URI Canonicalization Unauthorized Web Access
Source: https://www.securityfocus.com/bid/11342/info - Microsoft ASP.NET is reported prone to a remote information-disclosure vulnerability because the application fails to properly secure documents when handling malformed URI...