21 matches found

SUSE CVE · added 2026/03/25 12:25 a.m. · 1 view

SUSE CVE-2026-30834

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs,...

CVSS 7.5 · AI score 5.9 · EPSS 0.00021
Exploits: 1 · References: 3
RedhatCVE · added 2026/03/09 8:01 a.m. · 1 view

CVE-2026-30834

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs,...

CVSS 7.5 · AI score 5.8 · EPSS 0.00021
Exploits: 1 · References: 1
OSV · added 2026/03/07 3:36 p.m. · 2 views

CVE-2026-30834 PinchTab: SSRF with Full Response Exfiltration via Download Handler

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs,...

CVSS 7.5 · AI score 5.8 · EPSS 0.00021
Exploits: 1 · References: 3
CVE · added 2026/03/07 3:36 p.m. · 5 views

CVE-2026-30834

PinchTab exposes a high-severity SSRF via GET /download?url=, where the server passes the user-controlled URL directly to headless Chrome (chromedp.Navigate) without validation. This allows exfiltration of the full HTTP response from arbitrary destinations: local files (file://), internal services, a...

CVSS 7.5 · AI score 5.8 · EPSS 0.00021
Exploits: 1 · References: 1 · Affected software: 1
Vulnrichment · added 2026/03/07 3:36 p.m. · 0 views

CVE-2026-30834 PinchTab: SSRF with Full Response Exfiltration via Download Handler

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs,...

CVSS 7.5 · AI score 5.8 · EPSS 0.00021
Exploits: 1 · References: 1
ATTACKERKB · added 2026/03/07 3:36 p.m. · 3 views

CVE-2026-30834

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs,...

CVSS 7.5 · AI score 5.8 · EPSS 0.00021
Exploits: 1 · References: 2 · Affected software: 1
RedhatCVE · added 2026/01/09 10:56 a.m. · 6 views

CVE-2022-38890

Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h...

CVSS 5.5 · AI score 7.3 · EPSS 0.00042
Exploits: 1 · References: 1
Vulnrichment · added 2025/08/05 4:53 a.m. · 3 views

CVE-2025-54868 LibreChat exposes arbitrary chats through Meilisearch engine

LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without...

CVSS 7.5 · AI score 6.6 · EPSS 0.00323
Exploits: 1 · References: 2
Positive Technologies · added 2025/08/05 12:00 a.m. · 4 views

PT-2025-31902 · Unknown +1 · Meilisearch +1

Name of the Vulnerable Software and Affected Versions: LibreChat versions 0.0.6 through 0.7.7-rc1. Description: LibreChat, a ChatGPT clone, contains an exposed testing endpoint that allows unauthorized access to chats stored in the Meilisearch engine. The /api/search/test endpoint does not enforce...

CVSS 7.5 · AI score 6.3 · EPSS 0.00323
Exploits: 1 · References: 10
CNNVD · added 2025/08/02 12:00 a.m. · 1 view

WordPress plugin Brave Conversion Engine security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 9.8 · AI score 6.6 · EPSS 0.00795
Exploits: 0 · References: 3
SUSE CVE · added 2024/06/26 11:25 p.m. · 1 view

SUSE CVE-2024-6104

go-retryablehttp prior to 0.7.7 did not sanitize URLs when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...

CVSS 6 · AI score 8.7 · EPSS 0.00045
Exploits: 0 · References: 39
Github Security Blog · added 2024/06/24 6:31 p.m. · 17 views

go-retryablehttp can leak basic auth credentials to log files

go-retryablehttp prior to 0.7.7 did not sanitize URLs when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...

CVSS 6 · AI score 5.9 · EPSS 0.00045
Exploits: 0 · References: 5 · Affected software: 1
OSV · added 2024/06/24 5:15 p.m. · 1 view

DEBIAN-CVE-2024-6104

go-retryablehttp prior to 0.7.7 did not sanitize URLs when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...

CVSS 5.5 · AI score 6.3 · EPSS 0.00045
Exploits: 0 · References: 1
OSV · added 2024/06/24 5:15 p.m. · 1 view

AZL-42916 CVE-2024-6104 affecting package cert-manager for versions less than 1.11.2-12

go-retryablehttp prior to 0.7.7 did not sanitize URLs when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...

CVSS 5.5 · AI score 6.6 · EPSS 0.00045
Exploits: 0 · References: 1
OSV · added 2024/06/24 5:15 p.m. · 0 views

AZL-42898 CVE-2024-6104 affecting package prometheus for versions less than 2.45.4-3

go-retryablehttp prior to 0.7.7 did not sanitize URLs when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...

CVSS 5.5 · AI score 6.6 · EPSS 0.00045
Exploits: 0 · References: 1
OSV · added 2024/06/24 5:15 p.m. · 2 views

UBUNTU-CVE-2024-6104

go-retryablehttp prior to 0.7.7 did not sanitize URLs when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...

CVSS 6 · AI score 6.7 · EPSS 0.00045
Exploits: 0 · References: 5
CNNVD · added 2024/06/24 12:00 a.m. · 2 views

HashiCorp go-retryablehttp Log Information Disclosure Vulnerability

go-retryablehttp is a retryable HTTP client in Go open-sourced by HashiCorp. A security vulnerability exists in HashiCorp go-retryablehttp versions prior to 0.7.7, which stems from a failure to sanitize a URL when writing it to a log file, resulting in sensitive HTTP basic authentication credential...

CVSS 6 · AI score 6.9 · EPSS 0.00045
Exploits: 0 · References: 5
OSV · added 2023/10/01 1:15 a.m. · 3 views

AZL-37153 CVE-2023-43907 affecting package optipng 0.7.7-7

OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c...

CVSS 7.8 · AI score 7.2 · EPSS 0.00025
Exploits: 1 · References: 1
Positive Technologies · added 2023/09/30 12:00 a.m. · 2 views

PT-2023-8922 · Optipng +3 · Optipng +3

Name of the Vulnerable Software and Affected Versions: OptiPNG version 0.7.7. Description: The issue is related to a global buffer overflow via the buffer variable at gifread.c. This can potentially allow an attacker to cause a denial of service or other impact. Recommendations: For OptiPNG versio...

CVSS 7.8 · AI score 7.4 · EPSS 0.00025
Exploits: 1 · References: 33
Positive Technologies · added 2022/09/15 12:00 a.m. · 1 view

PT-2022-24613 · Nginx · Nginx Njs

Name of the Vulnerable Software and Affected Versions: Nginx NJS version 0.7.7. Description: A segmentation violation was discovered in Nginx NJS via the njs_utf8_next function at src/njs_utf8.h. Recommendations: For Nginx NJS version 0.7.7, at the moment, there is no information about a newer...

CVSS 5.5 · AI score 5.3 · EPSS 0.00042
Exploits: 1 · References: 5