7 matches found
CVE-2026-7221
A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...
CVE-2026-7221
A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...
CVE-2026-7221
A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...
PT-2026-35653
A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...
CVE-2026-6486
CVE-2026-6486 affects classroombookings up to version 2.17.0; the read() function in crbs-core/application/views/layout.php (User Display Name Handler) is vulnerable to cross-site scripting via the displayname argument. Exploitation is possible remotely; exploitation is documented as PoC. A fix i...
Off-by-one Error
Overview Affected versions of this package are vulnerable to Off-by-one Error via the FcFontCapabilities function in fcfreetype.c. An attacker can cause a one-byte out-of-bounds write, potentially leading to a crash or execution of arbitrary code by supplying crafted input that triggers the...
[SECURITY] [DLA 4444-1] apache-log4j2 security update
Debian LTS Advisory DLA-4444-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany January 19, 2026 https://wiki.debian.org/LTS Package : apache-log4j2 Version : 2.17.1-1deb11u2 CVE ID : CVE-2025-68161 Debian Bug : 1123744 In Apache Log4j2, a Java Logging Framework, t...