CVE-2026-25883 | Vexa-ai vexa prior 0.10.0-260419-1910 HTTP POST Request server-side request forgery (GHSA-fhr6-8hff-cvg4)

Inserito da Angelo Barbosa | Apr 20, 2026 | CVE

A vulnerability described as critical has been identified in Vexa-ai vexa. The affected element is an unknown function of the component HTTP POST Request Handler. Executing a manipulation can lead to server-side request forgery.

This vulnerability is tracked as CVE-2026-25883. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is recommended.

CVE-2026-25883 | Vexa-ai vexa prior 0.10.0-260419-1910 HTTP POST Request server-side request forgery (GHSA-fhr6-8hff-cvg4)

Post correlati

CVE-2025-61768 | xuemian168 kuno up to 1.3.14 Media server-side request forgery (GHSA-4f5f-2c49-5mwm)

CVE-2023-6906 | Totolink A7100RU 7.4cu.2313_B20191024 HTTP POST Request cstecgi.cgi main flag buffer overflow

CVE-2020-37151 | Ciprianmp phpMyChat Plus 1.98 deluser.php pmc_username sql injection (Exploit 48066)

CVE-2024-8177 | GitLab Community Edition/Enterprise Edition up to 17.4.4/17.5.2/17.6.0 Harbor Registry algorithmic complexity (Issue 480706)