Lucene search
K

13 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/08 9:22 p.m.8 views

CVE-2026-42195

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to ope...

3.4CVSS5.8AI score0.00192EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/08 9:22 p.m.9 views

EUVD-2026-28833

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to ope...

3.4CVSS5.8AI score0.00192EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 12:22 a.m.4 views

CVE-2026-33182 Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the base...

8.7CVSS5.9AI score0.0042EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/25 9:28 p.m.6 views

EUVD-2026-14502

AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php...

9.4CVSS5.8AI score0.00437EPSS
Exploits1References3
OSV
OSV
added 2026/02/19 10:33 p.m.7 views

CVE-2026-26322 OpenClaw Gateway tool allowed unrestricted gatewayUrl override

OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted a tool-supplied gatewayUrl without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user-specified targets. This requires the ability to...

7.6CVSS5.8AI score0.00336EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/17 9:42 p.m.10 views

OpenClaw Gateway tool allowed unrestricted gatewayUrl override

Summary The Gateway tool accepted a tool-supplied gatewayUrl without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user-specified targets. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.14 planned What...

7.6CVSS5.7AI score0.00336EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2025/12/08 11:6 a.m.7 views

Server-Side Request Forgery (SSRF)

apache.nms.amqp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper URL resolution in the createRequestUrl function that treats paths beginning with // or \ as schema-relative URLs, which allows an attacker to override the intended base URL and force the server...

9.8CVSS7AI score0.02016EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/17 7:46 p.m.9 views

CVE-2025-62427

The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr before 19.2.18, 20.3.6, and 21.0.0-next.8. The function createRequestU...

8.7CVSS7AI score0.00397EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-1179

Malware in sbrugna...

6.1CVSS5.4AI score0.008EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/04/22 12:0 a.m.53 views

Request URL Override

Web application components can sometimes rely on request HTTP headers like 'X-Original-URL' or 'X-Rewrite-URL' to override the original path of this request. Attackers can leverage this vulnerability to conduct further attacks in order to bypass restrictions or conduct cache poisonning attacks. N...

6.5CVSS7.2AI score0.58061EPSS
Exploits0References4
CVE
CVE
added 2020/10/02 8:40 p.m.64 views

CVE-2020-15233

Summary: CVE-2020-15233 affects ORY Fosite

6.1CVSS5.2AI score0.008EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2018/08/03 5:29 p.m.34 views

CVE-2018-14773

An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a legacy IIS header that lets users override the path in the request URL via the...

6.5CVSS7AI score0.58061EPSS
Exploits0References2
seebug.org
seebug.org
added 2010/06/21 12:0 a.m.106 views

Spring Framework class.classLoader类远程代码执行漏洞

BUGTRAQ ID: 40954 CVE ID: CVE-2010-1622 Spring是一个广泛部署的开源架构,帮助开发人员构建高质量的应用。 Spring框架提供了允许使用客户端所提供的数据来更新对象属性的机制,而该机制允许攻击者修改用于通过class.classloader加载对象的类加载器的属性,这可能导致执行任意命令。例如,攻击者可以将类加载器所使用的URL修改到受控的位置。 0 SpringSource Spring Framework 3.0.0 - 3.0.2 SpringSource Spring Framework 2.5.0 - 2.5.7 厂商补丁:...

6CVSS9.4AI score0.52003EPSS
Exploits11
Rows per page
Query Builder