Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py)

Summary A Server-Side Request Forgery SSRF vulnerability exists in processpictureurl in backend/openwebui/utils/oauth.py line 1338. The function fetches arbitrary URLs from OAuth picture claims without applying validateurl, allowing an attacker to force the server to make HTTP requests to interna...

EUVD-2024-53621

Malicious code in bioql PyPI...

CVE-2024-57546

An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function...

CVE-2024-57546

An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function...

CVE-2024-57546

CMSimple v5.16 is affected by a vulnerability in the validate link function that can allow a remote attacker to obtain sensitive information and may enable SSRF. The issue stems from insufficient protection of internal data in the link validation path. Recommended temporary mitigation: disable th...

PT-2023-29703 · Torbot +1 · Torbot +1

Name of the Vulnerable Software and Affected Versions: Torbot versions prior to 4.0.0 Description: The issue concerns the torbot.modules.validators.validate link function, which uses the python-validators URL validation regex. This regular expression has exponential complexity, allowing an attack...