13 matches found

EUVD
added 2026/06/11 12:38 p.m. | 14 views

EUVD-2026-36240

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulnerable flow is: First, an application accepts a user-controlled URL. Second, the URL is used to...

CVSS 5.3 | AI score 5.5 | EPSS 0.00189
Exploits: 0 | References: 1

CNNVD
added 2026/05/08 12:00 a.m. | 7 views

FastGPT Code Issue Vulnerability

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.17 contained code vulnerabilities. These vulnerabilities stemmed from the fetchData function in the lafModule workflow node, which used axios t...

CVSS 2.3 | AI score 5.9 | EPSS 0.00228
Exploits: 0 | References: 1

CNNVD
added 2026/03/31 12:00 a.m. | 2 views

FastGPT Code Issue Vulnerability

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.9.5 contained code vulnerabilities. These vulnerabilities stemmed from the MCP tool endpoints in FastGPT, which accept URL parameters provided ...

CVSS 7.7 | AI score 5.9 | EPSS 0.00283
Exploits: 1 | References: 4

RedhatCVE
added 2026/03/26 3:01 p.m. | 4 views

CVE-2026-1313

The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.20. This is due to the plugin making outbound HTTP requests to user-controlled URLs without proper validation when the "Show file size" option is enabled. This make...

CVSS 8.3 | AI score 5.9 | EPSS 0.00316
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/17 12:00 a.m. | 4 views

PT-2026-20327

Name of the Vulnerable Software and Affected Versions: Indico versions prior to 3.3.10. Description: Indico, an event management system, is susceptible to server-side request forgery (SSRF). The system makes outgoing requests to URLs provided by users. While this functionality is intentional, it could...

CVSS 6.9 | AI score 5.5 | EPSS 0.00189
Exploits: 0 | References: 10

Snyk
added 2025/10/09 7:42 p.m. | 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) when processing user-supplied URLs. An attacker can cause the server to send unauthorized requests to arbitrary internal or external services by submitting crafted URLs. Workaround: This vulnerability can...

CVSS 8.8 | AI score 6.7 | EPSS 0.00218
Exploits: 0 | References: 2

Snyk
added 2025/10/09 7:42 p.m. | 1 view

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) when processing user-supplied URLs. An attacker can cause the server to send unauthorized requests to arbitrary internal or external services by submitting crafted URLs. Workaround: This vulnerability can...

CVSS 8.8 | AI score 7 | EPSS 0.00218
Exploits: 0 | References: 2

OSV
added 2025/09/29 9:15 p.m. | 3 views

CVE-2025-34225

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The consolerelease directory is reachable from the internet without any authentication. Insi...

CVSS 8.6 | AI score 5.8 | EPSS 0.00773
Exploits: 1 | References: 4

RedHat Linux
added 2024/08/07 1:40 p.m. | 1 view

pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to co...

CVSS 8.8 | AI score 8.1 | EPSS 0.01939
Exploits: 0 | References: 6

RedHat Linux
added 2024/08/07 10:21 a.m. | 1 view

pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to co...

CVSS 8.8 | AI score 8.1 | EPSS 0.01939
Exploits: 0 | References: 6

Veracode
added 2022/10/12 6:34 a.m. | 20 views

Cross-site Request Forgery (CSRF)

github.com/AdguardTeam/AdGuardHome is vulnerable to Cross-site Request Forgery (CSRF). The vulnerability exists because the custom filtering rules functionality in the setupConfig function of home.go allows a malicious user to redirect the authorized user to malicious URLs and modify the custom...

CVSS 5.4 | AI score 5.2 | EPSS 0.0027
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2018/06/11 9:29 p.m. | 1 view

DEBIAN-CVE-2017-7830

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

CVSS 6.5 | AI score 8.4 | EPSS 0.02485
Exploits: 0 | References: 1

CNVD
added 2017/11/09 12:00 a.m. | 3 views

Qt qt5-qtwebkit Information Disclosure Vulnerability

Qt qt5-qtwebkit is a toolkit that encapsulates the Webkit browser engine from Qt Inc. in the Republic of Finland. A security vulnerability exists in Qt qt5-qtwebkit versions prior to 5.4, which originates when the program records the URLs of an individual's browsing in the WebpageIcons.db databas...

CVSS 5.3 | AI score 6.7 | EPSS 0.01226
Exploits: 0 | References: 1