13222 matches found
Mlflow < 2.11.0 - Path Traversal
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...
Hitachi Pentaho Business Analytics Server - Bypass Authorization
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. id: CVE-2022-43939 info: name: Hitachi Pentaho Business Analytics Server - Bypass Authorization author: daffainf...
EUVD-2026-43537
OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...
EUVD-2026-43587
SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data...
CVE-2026-62197
OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...
CVE-2026-62197 OpenClaw < 2026.6.6 Policy Bypass via CDP Discovery
OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...
CVE-2026-62197
CVE-2026-62197: OpenClaw before 2026.6.6 has a policy bypass in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that the OpenClaw policy should block when the affected feature is enabled. Affected product/version: OpenCla...
CVE-2026-62242
CVE-2026-62242 affects Spring Boot Admin Server prior to 4.1.2. The vulnerability is a server-side request forgery in the unauthenticated instance registration flow, where attacker-controlled healthUrl and managementUrl are not validated against private IP ranges or metadata endpoints. This allow...
CVE-2026-49970
creationtimestamp| type| source ---|---|--- 2026-07-13 18:52:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqkefsdmh627 2026-07-13 19:40:38+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqkh3wqres2s 2026-07-13 20:01:37+00:00| seen|...
CVE-2026-15574
creationtimestamp| type| source ---|---|--- 2026-07-13 09:50:32+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjg4qea2f2i 2026-07-13 09:50:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjg4wv44l2k 2026-07-14 01:10:43+00:00| seen|...
ChatGPT个人专用版 - Server Side Request Forgery
A Server-Side Request Forgery SSRF in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter. id: CVE-2024-27564 info: name: ChatGPT个人专用版 - Server Side Request Forgery author: DhiyaneshDK...
CVE-2026-9492
creationtimestamp| type| source ---|---|--- 2026-07-13 04:30:25+00:00| seen| https://infosec.exchange/users/offseq/statuses/116910786151566204 2026-07-13 04:30:27+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mqiuaepo5j2r 2026-07-13 05:00:25+00:00| seen|...
CVE-2026-15525
A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function validateurls of the file src/adloop/ads/write.py. Performing a manipulation of the argument finalurl results in server-side request forgery. The attack may be initiated remotely. The exploit is now...
EUVD-2026-43267
A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function validateurls of the file src/adloop/ads/write.py. Performing a manipulation of the argument finalurl results in server-side request forgery. The attack may be initiated remotely. The exploit is now...
CVE-2026-15525
CVE-2026-15525 affects the kLOsk adloop package up to version 0.9.0. The vulnerability is in the function _validate_urls in src/adloop/ads/write.py, where manipulating the argument final_url can trigger a server-side request forgery (SSRF). The issue can be exploited remotely and the exploit is p...
CVE-2026-15096
creationtimestamp| type| source ---|---|--- 2026-07-11 05:27:40+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mqdwiu3p3x2m 2026-07-11 05:27:40+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdwiu4qbf2d 2026-07-14 00:12:06+00:00| seen|...
EUVD-2026-43138
The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generatedocumentshortcode due to missing validation on a user controlled key. This makes it possible for authenticated...
EUVD-2026-43135
The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the ajaximport410 function in all versions up to 2.6.0. This is due to a missing capability check currentusercan and missing nonce verification...
Malicious code in auth-next-gen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe0926f0a2c1f47072efaac014be38bb00c8e9f31f59badf188b1ed74dd5c2ce On require of auth-next-gen, index.js loads lib/writer.js, which at module top level performs an axios GET against a base64-obfuscated URL...
CVE-2026-54000
creationtimestamp| type| source ---|---|--- 2026-07-10 22:30:07+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqd767pejc2x 2026-07-10 23:32:21+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdcnj33hu22...