26 matches found
Server-side Request Forgery (SSRF)
Overview: @budibase/server is a Budibase Web Server. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the processUrlFile function. An attacker can access internal network resources and sensitive cloud metadata by supplying crafted URLs that target internal or...
CVE-2026-7086
A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. Such manipulation of the argument url leads to path traversal. It is possible to launch the attack remotely. The...
CVE-2026-6141
A vulnerability was determined in danielmiessler PersonalAIInfrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parseurl.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclos...
CVE-2024-41349
unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/addbyurl.php...
EUVD-2019-7467
Malware in sbrugna...
Microsoft Windows 10 WebDAV Remote Code Execution
This exploit leverages the behavior of Windows .URL files to execute a remote binary over a UNC path. When a victim opens or previews the .URL file (e.g. from email), the system may automatically reach out to the specified path (e.g. a WebDAV or SMB share), leading to arbitrary code execution without...
CVE-2024-31993
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrapeimage function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the...
What is known about the Spoofing – Windows MSHTML Platform (CVE-2024-43573) vulnerability from the October Microsoft Patch Tuesday?
What is known about the Spoofing - Windows MSHTML Platform CVE-2024-43573 vulnerability from the October Microsoft Patch Tuesday? In fact, just that it is being exploited in the wild. There are no write-ups or public exploits yet. The Acknowledgements section in the Microsoft bulletin is empty. I...
PT-2024-29367
Name of the Vulnerable Software and Affected Versions: unmark version 1.9.2. Description: The issue is a Cross Site Scripting (XSS) vulnerability found in the application/views/marks/addbyurl.php file. This allows for potential malicious script execution. Recommendations: For version 1.9.2, consider...
PT-2024-38070 · WordPress · Lh Add Media From Url
Name of the Vulnerable Software and Affected Versions: LH Add Media From Url plugin for WordPress versions up to, and including, 1.23 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attacke...
Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer
An advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida. Cybersecurity firm Trend Micro, which observed the activity in mid-Ma...
Online-Book-Store-Website SQL Injection Vulnerability
Online-Book-Store-Website is an online bookstore website. A SQL injection vulnerability exists in Online-Book-Store-Website version 1.0, which originates from a SQL injection vulnerability in the search parameter of the /search.php file...
USN-6117-1 batik vulnerabilities
It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perform a cross site request forgery attack. (CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648) It was discovered that Apache Batik incorrectly handled Jar URLs in some...
PT-2022-8022 · Unknown · Ariadne Component Library
Name of the Vulnerable Software and Affected Versions: Ariadne Component Library versions up to 2.x Description: A critical issue has been found, affecting an unknown function of the file src/url/Url.php. This issue leads to server-side request forgery. Recommendations: For Ariadne Component...
Remote code execution
A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded. The update...
Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded. The update...
Epignosis eFront CMS Arbitrary File Upload Vulnerability (CNVD-2017-26067)
Epignosis eFront CMS is an online learning system with an Ajax interface from Epignosis, USA. The system allows you to create and manage courses with tools such as a content editor, file manager, and digital library. An arbitrary file upload vulnerability exists in Epignosis eFront CMS versions...
Microsoft Windows .URL File Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. An attacker can craft a malicious file with a...
Microsoft Windows Explorer Invalid URL File Parsing Stack Overflow (CVE-2006-3351)
The Microsoft Windows series of operating systems is one of the most popular systems in use on workstations, home computers, and servers. All versions of the OS include a graphical shell interface, called Windows Explorer. There exists a stack exhaustion vulnerability in Microsoft Windows Explore...
ICQ 6.5 URL Search Hook (Windows Explorer) Remote BOF PoC
No description provided by source. <?php /* ICQ 6.5 URL Search Hook/ICQToolBar.dll .URL file processing Windows Explorer remote buffer overflow poc by Nine:Situations:Group::pyrokinesis site: http://retrogod.altervista.org/ If the resulting file is placed on the desktop, against ex. xp sp3 process...