2 matches found
CVE-2026-10052
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...
Server-side Request Forgery (SSRF)
Overview @nocobase/plugin-ai is a Create AI employees with diverse skills to collaborate with humans, build systems, and handle business operations. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the workflow HTTP request and custom request plugins, which...