-
**Issue Description:**
A potential Server-Side Request Forgery (SSRF) vulnerability was detected in the `miniget` library. The issue was identified in the file `index.js` at line 170, where unsanitiz…
-
XmlDocument load is vulnerable to XXE attacks (XML external entity injection)
it can allow someone to perform SSRF attacks and read local files by sending an AMF request with XML data
Here is some m…
-
**Describe the bug**
Security bug: SSRF in load_web
**To Reproduce**
Hello Developer,
I have noticed that agentscope does not implement security measures to sanitize the URL in load_web, which…
-
### Is there an existing issue for this?
- [x] I have searched the existing issues.
### Current Behavior
## Summary
I was working on a SSRF template, taking reference from https://github.com…
-
**Description of the false positive**
I have made attempts to validate the inputs used in the FastAPI endpoint, making sure that they are from a list of approved entries, and checking the string …
-
### Nuclei version:
last
### --
When I use payloads together with oast, it results in a miss. Here's an example of the test command I used, along with a yaml template, and a php test.…
-
> [!NOTE]
> The vulnerability described here has been tested with lerna version `8.1.4`, however as described below it is an issue for `8.1.8` also due to the dependency with `nx`.
## Current Beha…
-
Hello,
I am a member of the 360 Code Guard team. We found a Server-Side Request Forgery (SSRF) vulnerability in the lemon project; the details are as follows.
The file CdnController.java receives the url parameter from the HTTP request.
![default](https://user-images.githubusercontent.com/39950310/46716441-9c0c1b80-cc96-11e8-9ba7-3f3b851…
-
It looks like when using a custom interactsh server that there is a maximum length for the provided token.
Using a server with a token like one of the following works:
```
abc123
a1234567-abc…