9 matches found
CVE-2019-25250
The CVE covers Devolo dLAN 500 AV Wireless+ (firmware 3.1.0-1), which has a cross-site request forgery flaw that lets a malicious page trigger administrative actions when a logged-in user visits it. The root cause stated across sources is a lack of proper request validation, enabling CSRF to trigger unau...
CVE-2024-9309
A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 (LLaVA-1.6). This vulnerability allows attackers to exploit the victim Controller API Server's credentials to perform unauthorized...
Malicious code in web-actions-v4 (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d40edcae4c894042717491d36e69b45f4b012916fc7b7dbd64e5901b3b6dda8 Any computer that has this package installed or running should be considered...
MAL-2025-699 Malicious code in web-actions-v4 (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d40edcae4c894042717491d36e69b45f4b012916fc7b7dbd64e5901b3b6dda8 Any computer that has this package installed or running should be considered...
CVE-2024-10044 SSRF in POST /worker_generate_stream API endpoint in lm-sys/fastchat
A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's...
MAL-2022-4614 Malicious code in misk-web-tab-web-actions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b82b00b3e72ac86b3969b36273efff67fa09127e6a8982926271d15ea2fb3113 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: IBM Cloud Functions web actions API endpoint change
Summary: In order to improve the stability of the service and to prevent potential weaknesses in the services' web actions functionality, we introduced a new IBM Cloud Functions API endpoint .functions.appdomain.cloud for web actions which use text/html response data. The previously used API endpoi...
Open redirect
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwant...
CVE-1999-1087
Internet Explorer 4 treats a 32-bit number ("dotless IP address") in a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that conta...