4 matches found
CVE-2025-44594
halo v2.20.17 and before is vulnerable to server-side request forgery SSRF in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url...
CVE-2025-44594
Halo v2.20.17 and earlier exposes a server‑side request forgery (SSRF) in the API endpoint /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url. Multiple sources confirm the issue and classify CVSSv3.1 as CRITICAL (9.1) with network attack vector, no privileges required and no use...
CVE-2021-39195
Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been...
PT-2019-14833
Name of the Vulnerable Software and Affected Versions Tiny File Manager versions prior to 2.3.9 Description The issue allows for remote code execution through the Upload from URL feature and the Edit/Rename files functionality. It affects only authenticated users. Recommendations For versions pri...