16 matches found
PYSEC-2026-444 Code Injection in paddlepaddle
The vulnerability arises from the way the url parameter is incorporated into the command string without proper validation or sanitization. If the url is constructed from untrusted sources, an attacker could potentially inject malicious commands...
CVE-2026-40242 Arcane Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET request to that URL without authentication and without URL scheme or host validation...
CVE-2026-35486
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get with zero validation — no scheme check, no IP filtering, no hostname allowlist. An attacker can access clo...
PT-2026-30677
The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1 to 0.5.0, FileService.download from url in app/services/file service.py calls requests.geturl with zero URL validation. The file extension check occurs AFTER the HTTP request is already made, and can be bypassed by...
Server-side Request Forgery (SSRF)
Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadfile function when the url parameter is not validated before being passed to the HTTP...
HAPI FHIR 代码问题漏洞
HAPI FHIR is an open-source Java-based HL7 FHIR API developed by HAPI FHIR. Versions of HAPI FHIR prior to 6.9.4 contained code vulnerabilities. These vulnerabilities stemmed from the /loadIG endpoint of the FHIR Validator HTTP service, which did not validate the URL provided by the user,...
AVideo: Full-Read SSRF Through Unvalidated statsURL Parameter in plugin/Live/test.php
Summary The plugin/Live/test.php endpoint accepts a URL via the statsURL parameter and fetches it server-side using filegetcontents, curlexec, or wget, returning the full response content in the HTML output. The only validation is a trivial regex /^http/ that does not block requests to...
Budibase 代码问题漏洞
Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Budibase versions 3.30.6 and earlier have code vulnerabilities. These vulnerabilities stem from the fact that the REST data...
CVE-2026-28476 OpenClaw < 2026.2.14 - Server-Side Request Forgery in Tlon Extension Authentication
OpenClaw versions prior to 2026.2.14 contain a server-side request forgery vulnerability in the optional Tlon Urbit extension that accepts user-provided base URLs for authentication without proper validation. Attackers who can influence the configured Urbit URL can induce the gateway to make HTTP...
WordPress plugin Printful Integration for WooCommerce 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
dify 代码问题漏洞
dify is an open source LLM application development platform from LangGenius Open Source. A code issue vulnerability exists in version 0.10.1 of dify, which stems from an unvalidated URL and could lead to a server-side request forgery attack...
Lunary 代码问题漏洞
lunary is a production toolkit for LLM. A cross-site request forgery vulnerability exists in lunary, which stems from a failure to validate a user-supplied URL, and can be exploited by an attacker to disclose sensitive information...
PT-2024-15634
Name of the Vulnerable Software and Affected Versions paddlepaddle/paddle affected versions not specified Description The issue arises from the way the url parameter is incorporated into the command string without proper validation or sanitization. If the url is constructed from untrusted sources...
PT-2023-32240 · Facebook · React Developer Tools
Name of the Vulnerable Software and Affected Versions: React Developer Tools extension affected versions not specified Description: The React Developer Tools extension has a message listener registered with window.addEventListener'message', in a content script accessible to any active webpage in...
SUSE CVE-2018-12907
In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server, aka a "RESTLESS" issue...
PT-2019-4622 · Django Software Foundation +3 · Django +3
Name of the Vulnerable Software and Affected Versions: Django versions 1.11 through 1.11.20 Django versions 2.1 through 2.1.8 Django versions 2.2 through 2.2.1 Description: The issue is related to the AdminURLFieldWidget function in the Django web development framework, which is associated with...