39 matches found
CVE-2026-61643 FastGPT: workflow runtime can execute another user's private HTTP toolset
FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, an authenticated FastGPT user can save a workflow node that points to another user's private HTTP toolset by using a crafted saved tool id such as http-/. The normal toolset routes deny access, but the workflow...
CVE-2026-15668
A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...
CVE-2026-15668 louisho5 picobot web Tool web.go WebTool.Execute server-side request forgery
A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...
CVE-2026-15668 louisho5 picobot web Tool web.go WebTool.Execute server-side request forgery
A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...
CVE-2026-11720
The CVE-2026-11720 entry describes a path traversal flaw in the HTTP tool URL builder of googleapis/mcp-toolbox. User-controlled pathParams are substituted into a configured tool path and then parsed as a relative URL; while scheme/host/user info are checked, final resolution uses ResolveReferenc...
CVE-2025-67634 Software Acquisition Guide Supplier Response Web Tool XSS
The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...
CVE-2025-67634 Software Acquisition Guide Supplier Response Web Tool XSS
The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...
CISA Software Acquisition Guide Supplier Response Web Tool 安全漏洞
CISA Software Acquisition Guide Supplier Response Web Tool is an interactive Web tool from the CISA organization in the United States. A security vulnerability exists in versions of the CISA Software Acquisition Guide Supplier Response Web Tool prior to 2025-12-11, which stems from a cross-site...
CVE-2025-49145
Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough rights to create webhooks mostly administrators can drop the database. This is fixed in iTop 2.7.13 and 3.2.2 by verifying callback signature...
EUVD-2025-15961
Malicious code in bioql PyPI...
trashhost
xss tool and sqli detector...
CVE-2025-44897
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftpsrvip parameter in the webtoolupgradeManagerpost function...
CVE-2025-44897
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftpsrvip parameter in the webtoolupgradeManagerpost function...
CVE-2025-44897
The CVE-2025-44897 issue affects FW-WGS-804HPT v1.305b241111, with a stack overflow discovered in the bytftp_srvip parameter of the web_tool_upgradeManager_post function. Reported CVSSv3.1 is 9.8 (CRITICAL) with NETWORK attack vector, no user interaction, and impacts to confidentiality, integrity...
CVE-2025-44897
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftpsrvip parameter in the webtoolupgradeManagerpost function...
CVE-2025-24969
iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue...
CVE-2025-24785
iTop is an web based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next user trying to load this dashboard would encounter a crashed start page. Version 3.2.1 fixes the issue by checking the provided layoutclass before saving th...
PT-2025-22306 · Unknown · Fw-Wgs-804Hpt
Name of the Vulnerable Software and Affected Versions: FW-WGS-804HPT version 1.305b241111 Description: A stack overflow issue was discovered via the bytftp srvip parameter in the web tool upgradeManager post function. Recommendations: For FW-WGS-804HPT version 1.305b241111, consider disabling the...
The vulnerability of the Butterfly web application development tool lies in the improper restriction on the path to the restricted catalog, which allows a hacker to perform an SSRF attack.
The vulnerability of the Butterfly web application development tool is related to an incorrect limitation on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to perform a SSRF attack remotely...
The vulnerability in the iTop web tool for managing IT services arises from an incorrect limitation on the path to the restricted access catalog, allowing a perpetrator to disclose protected information.
The vulnerability of the iTop IT service management web tool is related to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to disclose protected information...