45 matches found
CVE-2026-6605
A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function _get_bytes_from_web_url of the file src/agentscope/_utils/_common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...
CVE-2026-6605
Scope: modelscope agentscope up to 1.0.18. Affected component: Internal Service, file src/agentscope/_utils/_common.py, function _get_bytes_from_web_url. Description indicates a server-side request forgery vulnerability caused by a manipulation of this function. Attack could be performed remotely...
CVE-2026-6605 modelscope agentscope Internal Service _common.py _get_bytes_from_web_url server-side request forgery
A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function _get_bytes_from_web_url of the file src/agentscope/_utils/_common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...
AgentScope Security Vulnerability
AgentScope is an open-source application developed by ModelScope. It facilitates the simpler development of multi-agent applications based on LLMs. Versions of AgentScope prior to 1.0.18 contained a security vulnerability, which was caused by incorrect operations on the function getbytesfromwebur...
SUSE-SU-2026:1296-1 Security update for python39
This update for python39 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. - CVE-2026-3644: incomplete control character validation in http.cookies can lead to inpu...
EUVD-2026-7463
free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters (e.g., %00) into the supi parameter, triggering internal URL parsing errors net/url:...
CVE-2023-53482
creationtimestamp | type | source
---|---|---
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...
CVE-2025-65276
creationtimestamp | type | source
---|---|---
2025-11-26 23:05:25+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m6kxrbdkvn2q...
GHSA-527M-2XHR-J27G LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities
Summary: A Server-Side Request Forgery (SSRF) vulnerability in the chat API allows any authenticated user to force the server to make arbitrary HTTP requests to internal and external networks. This can lead to the exposure of sensitive internal services, reconnaissance of the internal network, or...
EUVD-2007-5413
Malware in sbrugna...
EUVD-2022-41600
Malicious code in bioql PyPI...
CVE-2025-58047 Volto affected by possible DoS by invoking specific URL by anonymous user
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when...
CVE-2025-54066
DiracX-Web is a web application that provides an interface to interact with the DiracX services. Prior to version 0.1.0-a8, an attacker can forge a request that they can pass to redirect an authenticated user to another arbitrary website. In the login page, DiracX-Web has a redirect field which i...
CVE-2025-44900
In Tenda RX3 V1.0brV16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow...
CVE-2020-24219
creationtimestamp | type | source
---|---|---
2025-02-21 12:27:07+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/1948
2026-02-05 21:02:48+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3me5bzexsig2c...
Online Piggery Management System v1.0 - unauthenticated file upload Vulnerability
!/bin/bash Exploit Title: Online Piggery Management System v1.0 - unauthenticated file upload vulnerability Exploit Author: 1337kid Software Link: https://www.sourcecodester.com/php/11814/online-pig-management-system-basic-free-version.html Version: 1.0 Tested on: Ubuntu CVE : CVE-2023-37629 chmo...
PT-2022-20404 · Google · Flutter +1
Name of the Vulnerable Software and Affected Versions: Dart versions prior to 2.18; Flutter versions prior to 3.30. Description: The implementation of backslash parsing in the Dart URI class differs from the WhatWG URL standards, as it uses the RFC 3986 syntax. This creates incompatibilities with t...
CVE-2022-39054
Cowell enterprise travel management system has insufficient filtering for special characters within the web URL. An unauthenticated remote attacker can inject JavaScript and perform an XSS (Reflected Cross-Site Scripting) attack...
Cross site scripting
Heimavista Rpage has insufficient filtering for the platform web URL. An unauthenticated remote attacker can inject JavaScript and perform an XSS (Reflected Cross-Site Scripting) attack...
Cross site scripting
Cowell enterprise travel management system has insufficient filtering for special characters within the web URL. An unauthenticated remote attacker can inject JavaScript and perform an XSS (Reflected Cross-Site Scripting) attack...