6 matches found
CVE-2026-33182 Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the base...
PT-2025-49839
A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the file transfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...
SUSE CVE-2025-1866
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32...
PT-2024-32584 · Yith · Yith Woocommerce Product Add-Ons
Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Product Add-Ons versions prior to 4.13.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations...
PT-2023-25706 · Sealos · Sealos
Name of the Vulnerable Software and Affected Versions: Sealos versions 4.2.0 and prior Description: Sealos, a Cloud Operating System for managing cloud-native applications, has a permission flaw in its billing system. This flaw allows users to control the recharge resource account via the...
GHSA-M56G-3G8V-2RXW XSS in Adminer
Withdrawn: Duplicate of GHSA-9pgx-gcph-mpqr. Adminer before 4.7.9 allows XSS via the history parameter to the default URI...