15 matches found

CNNVD
added 2026/03/26 12:0 a.m. · 2 views

Saloon code issue vulnerability

Saloon is a PHP open-source API integration and SDK library developed by Saloon PHP. Versions of Saloon prior to 4.0.0 had code vulnerabilities. These vulnerabilities stemmed from the fact that when constructing the request URL, if the endpoint was a valid absolute URL, the code would ignore the...

CVSS 8.7 · AI score 5.9 · EPSS 0.00032
Exploits 0 · References 2
Positive Technologies
added 2026/02/25 12:0 a.m. · 2 views

PT-2026-21966

Name of the Vulnerable Software and Affected Versions: Angular SSR versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21. Description: Angular SSR, a server-side rendering tool for Angular applications, contains a Server-Side Request Forgery (SSRF) issue in its request handling pipeline. The...

CVSS 9.2 · AI score 7.4 · EPSS 0.00061
Exploits 1 · References 22
RedhatCVE
added 2025/11/14 4:5 p.m. · 1 view

CVE-2025-64525

Astro is a web framework. In Astro versions 2.16.0 up to but excluding 5.15.5 which utilize on-demand rendering, the request headers x-forwarded-proto and x-forwarded-port are insecurely used, without sanitization, to build the URL. This has several consequences, the most important of which are:...

CVSS 6.5 · AI score 6.9 · EPSS 0.01323
Exploits 1 · References 1
CVE
added 2025/11/13 3:58 p.m. · 11 views

CVE-2025-64525

Summary: Astro 2.16.0 to before 5.15.5 is vulnerable to header-based URL manipulation due to insecure use of unsanitized x-forwarded-proto and x-forwarded-port when building URLs. What’s affected: Astro’s server-side URL construction path uses the header values to compose the request URL in code ...

CVSS 6.5 · AI score 6.1 · EPSS 0.01323
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2025/11/13 12:0 a.m. · 3 views

PT-2025-46860

Name of the Vulnerable Software and Affected Versions: Astro versions 2.16.0 through 5.15.4. Description: Astro, a web framework, contains a flaw in its on-demand rendering feature where the x-forwarded-proto and x-forwarded-port request headers are used without proper sanitization when constructing...

CVSS 6.5 · AI score 5.6 · EPSS 0.01323
Exploits 1 · References 11
Github Security Blog
added 2024/02/08 6:46 p.m. · 38 views

Rancher API Server Cross-site Scripting Vulnerability

Impact: A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. The attack vector was identifi...

CVSS 8.3 · AI score 6.1 · EPSS 0.00347
Exploits 0 · References 10 · Affected Software 1
Positive Technologies
added 2022/12/19 12:0 a.m. · 1 view

PT-2022-27040 · Ibm · Ibm Cognos Analytics

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1.7 through 11.2.1 Description: The issue allows attackers to perform a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the intern...

CVSS 7.5 · AI score 7.5 · EPSS 0.00301
Exploits 0 · References 4
NVD
added 2019/03/27 7:30 p.m. · 10 views

CVE-2019-1010257

An Information Disclosure / Data Modification issue exists in article2pdfgetfile.php in the article2pdf WordPress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path, leading to any PDF whose path is known and which is readable to the web server can ...

CVSS 9.1 · AI score 9 · EPSS 0.01587
Exploits 3 · References 4
Cvelist
added 2019/03/27 6:7 p.m. · 14 views

CVE-2019-1010257

An Information Disclosure / Data Modification issue exists in article2pdfgetfile.php in the article2pdf WordPress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path, leading to any PDF whose path is known and which is readable to the web server can ...

AI score 9 · EPSS 0.01587
Exploits 3 · References 4
RedHat Linux
added 2014/04/30 7:1 p.m. · 0 views

python-django: unexpected code execution using reverse()

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...

CVSS 5.1 · AI score 6.1 · EPSS 0.06894
Exploits 0 · References 4
OSV
added 2014/04/23 3:55 p.m. · 6 views

CVE-2014-0472

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...

AI score 6.9
Exploits 0 · References 7
OSV
added 2011/10/19 10:55 a.m. · 2 views

DEBIAN-CVE-2011-4139

Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...

CVSS 5 · AI score 6.9 · EPSS 0.00635
Exploits 0 · References 1
CVE
added 2011/10/19 10:0 a.m. · 93 views

CVE-2011-4139

CVE-2011-4139 affects Django before 1.2.7 and 1.3.x before 1.3.1. The vulnerability arises when a request’s HTTP Host header is used to construct a full URL in certain circumstances, enabling remote attackers to poison caches via crafted requests. Public data from multiple sources (Ubuntu USN-129...

CVSS 5 · AI score 6.3 · EPSS 0.00635
Exploits 0 · References 8 · Affected Software 1
myhack58
added 2011/08/28 12:0 a.m. · 16 views

ShopEx Easy Distribution arbitrary file deletion vulnerability and fix (vulnerability warning, myhack58)

Brief description: a white hat travels the world and practises chivalry carefully. Detailed description: this vulnerability is also in the template management service. When deleting a template, a URL can be constructed that deletes any file, including the whole site; deletion is possible...

AI score 7.1
Exploits 0
CVE
added 2006/12/15 7:0 p.m. · 39 views

CVE-2003-1311

Technical details about CVE-2003-1311 are not publicly available in the provided connected documents. No concrete affected products, versions, root cause specifics, or remediation are present. Monitor for updates to obtain authoritative information.

CVSS 6.8 · AI score 6.9 · EPSS 0.01146
Exploits 1 · References 2