11 matches found
GHSA-8MC6-XJPR-H98X Ech0 has Server-Side Request Forgery (SSRF) via Connect Handler fetchPeerConnectInfo
Summary: The fetchPeerConnectInfo function in internal/service/connect/connect.go:214-239 uses httpUtil.SendRequest, which has no SSRF protection, instead of SendSafeRequest, which applies ValidatePublicHTTPURL with private IP blocking. This allows authenticated users to make the server request arbitrary URLs...
CVE-2026-33502 AVideo has Unauthenticated SSRF via plugin/Live/test.php
WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated server-side request forgery vulnerability in plugin/Live/test.php allows any remote user to make the AVideo server send HTTP requests to arbitrary URLs. This can be used to probe...
CVE-2025-65109
Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have acce...
DEBIAN-CVE-2021-44420
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...
CVE-2017-16038
f2e-server 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. This is compounded by f2e-server requiring elevated privileges to run...
USN-3544-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, spoof the origin in audio capture prompts, trick the user into providing HTTP...
Kids Numbers and Math FREE - External URLs, SD-card access, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application Kids Numbers and Math FREE published at the 'play' market has multiple vulnerabilities...
Drag Toilet Paper - External URLs, SD-card access, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application Drag Toilet Paper published at the 'play' market has multiple vulnerabilities...
Speed Camera Detector Free - External URLs, SD-card access, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application Speed Camera Detector Free published at the 'play' market has multiple vulnerabilities...
FaxFile - Send Fax from phone - Exported components, External URLs, SD-card access vulnerabilities
HackApp vulnerability scanner discovered that application FaxFile - Send Fax from phone published at the 'play' market has multiple vulnerabilities...
Behold! Software Web Page Counter 2.7 - Denial of Service
Source: https://www.securityfocus.com/bid/267/info. A set of vulnerabilities in the counter.exe web hit counter program enables denial of service attacks. A malicious user can create a malformed entry like ",1" in the counter.log file by...