CaptainB

2 exploits Active since Aug 2023
CVE-2026-56779 WRITEUP MEDIUM WRITEUP
MaxKB < 2.10.0 - Server-Side Request Forgery via downloadCallbackUrl and download_url Parameters
MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to make arbitrary server requests by supplying unvalidated downloadCallbackUrl and download_url parameters. Attackers with default workspace USER role can exploit this to access internal network services by providing malicious URLs to the ToolSerializer endpoints.
CVSS 6.4
CVE-2023-38494 WRITEUP MEDIUM WRITEUP
MeterSphere <2.10.4 LTS - Info Disclosure
MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue.
CVSS 5.9