@aborruso/ckan-mcp-server: SSRF via base_url allows access to internal networks (Potential fix bypass of CVE-2026-33060)
HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, `_maybe_redirect` follows the `Location:` header and `_prepare_headers_and_cb` re-merges the caller's `headers` argument into the new request, without ...
9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint (this route is not covered by the dashboard middleware matcher, so no authorization check is applied). The sudoPassword field from the request body is written to th...
The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings, quantit...
An improper access check allows unauthorized users to create custom fields via webservices endpoints.
An improper access check allows unauthorized users to access com_privacy datasets.
An improper access check allows users to display a list of modules in the frontend.
An improper access check allows unauthorized users to access workflow stage and transition information.
Improper validation leads to a generic XSS vector in the language override feature.
Lack of escaping leads to an XSS vulnerability in the generic image output layout.
Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
Lack of validation leads to an XSS vulnerability in the MFA management views.
An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible.
An improper access check allows privileged users to overwrite media files without editing permissions.
MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator privile...
Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents dir...
Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the .phar...
AWS Research and Engineering Studio (RES) is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue (CWE-59) in the Auth.GetUserPrivateKey API. An authenticated r...