13 matches found
CVE-2026-49214
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulnerable flow is: First, an application accepts a user-controlled URL. Second, the URL is used to...
PT-2026-42858
Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.4.0 through 2.0.7 Description The dashboard allows users with the RoleMember role to access notification routes that should be restricted to administrators. Specifically, the endpoints "POST /api/v1/notification" an...
CVE-2026-6394
CVE-2026-6394 affects Nexa Blocks ≤ 1.1.1 (WordPress Gutenberg/FSE plugin). The import_demo() function accepts a user-supplied URL in demo_json_file via POST and forwards it to wp_remote_get() without URL validation or internal-network restrictions, enabling unauthenticated SSRF to arbitrary dest...
PT-2026-37097
Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description An authenticated user can cause the daemon to make blind outbound HEAD requests to arbitrary destinations. This occurs because the image import flow issues a request to a user-supplied URL via the...
Server-side Request Forgery (SSRF)
Overview curl-cffi is a python binding for curl-impersonate via cffi. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the handling of user-supplied URLs and automatic redirect following in the get function. An attacker can access internal network resources...
CVE-2026-22219 Chainlit < 2.9.4 SQLAlchemy Data Layer SSRF via /project/element
Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...
BIT-LIBPHP-2020-7066 get_headers() silently truncates after a null byte
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using getheaders with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...
PT-2024-29276
Name of the Vulnerable Software and Affected Versions streamlit-geospatial versions prior to commit c4f81d9616d40c60584e36abb15300853a66e489 Description The issue arises from the url variable in the pages/9 🔲 Vector Data Visualization.py file, which takes user input. This input is then passed to...
PT-2024-18318 · WordPress · Embedpress
Name of the Vulnerable Software and Affected Versions: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress versions up to, and including, 3.9.10 Description: The issue is related to Stored...
WordPress 插件 代码问题漏洞
WordPress Plugin is an open source application plugin for WordPress. A code issue vulnerability exists in the WordPress plugin, which stems from a user-supplied URL request value being invoked by a curl request, making the Telefication plugin susceptible to open proxies and server-side request...
curl: FTP PASV command response can cause curl to connect to arbitrary host
A malicious server can use the PASV response to trick curl into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. If cu...
DEBIAN-CVE-2019-1010174
CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: loadnetwork function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed...
UBUNTU-CVE-2019-1010174
CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: loadnetwork function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed...