10 matches found
CVE-2026-42345
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...
CVE-2025-70936
Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...
USN-8062-1 curl vulnerabilities
It was discovered that curl incorrectly handled cookies when redirected from secure to insecure connections. An attacker could possibly use this issue to cause a denial of service, or obtain sensitive information. This issue only affected Ubuntu 25.10. CVE-2025-9086 Calvin Ruocco discovered that...
Linux Distros Unpatched Vulnerability : CVE-2020-12409
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox 77...
WordPress plugin Stop User Enumeration 安全漏洞
WordPress Stop User Enumeration plugin is a security plugin for WordPress, mainly used to detect and prevent hackers from scanning website usernames user enumeration attack to get the login name, which is the pre-detection behavior of brute force password cracking attack. A security vulnerability...
The vulnerability of the QuTS operating systems and QTS network devices from Qnap, related to improper handling of data with URL encoding, allows attackers to execute arbitrary code.
The vulnerability of the QuTS operating systems and QTS network devices involves improper handling of data with URL encoding. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the RGW component of the Ceph storage system allows a attacker to cause a service failure.
The vulnerability of the RGW component of the Ceph storage system is related to encoding errors in URL addresses. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the cURL command-line utility, related to errors in URL encoding, allows a hacker to redirect users to another URL address.
The vulnerability of the cURL command-line utility relates to the replacement of the “%” symbol with “/” when encoding URL addresses. Exploiting this vulnerability can allow a remote attacker to redirect users to a different URL address...
PT-2020-16518 · Sap · Sap Netweaver As Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP versions 740 through 754 Description: The issue arises from insufficient URL encoding, allowing an attacker to input malicious JavaScript in the URL. This could result in the execution of the malicious script in the...
GHSA-R2J6-P67H-Q639 Secret disclosure when containing characters that become URI encoded
Impact Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that become encoded when included in a URL. Patches Fixed in v17.2.3 Workarounds Secrets that do not contain characters that become encoded when included in a URL are already...