Security Vulnerabilities
A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler.The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In production, Cloudflare's edge intercepts /cdn-cgi/image/ requests before they reach the Worker. However, by substituting a backslash for a forward slash (/cdn-cgi\image/ instead of /cdn-cgi/image/), an attacker can bypass edge interception and have the request reach the Worker directly. The JavaScript URL class then normalizes the backslash to a forward slash, causing the request to match the handler and trigger an unvalidated fetch of arbitrary remote URLs.
For example:
https://victim-site.com/cdn-cgi\image/aaaa/https://attacker.com
In this example, attacker-controlled content from attacker.com is served through the victim site's domain (victim-site.com), violating the same-origin policy and potentially misleading users or other services.
Note: This bypass only works via HTTP clients that preserve backslashes in paths (e.g., curl --path-as-is). Browsers normalize backslashes to forward slashes before sending requests.
Additionally, Cloudflare Workers with Assets and Cloudflare Pages suffer from a similar vulnerability. Assets stored under /cdn-cgi/ paths are not publicly accessible under normal conditions. However, using the same backslash bypass (/cdn-cgi\... instead of /cdn-cgi/...), these assets become publicly accessible. This could be used to retrieve private data. For example, Open Next projects store incremental cache data under /cdn-cgi/_next_cache, which could be exposed via this bypass.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-03-04
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-04
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-04
Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-03-04
A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action is needed.
This vulnerability was due to improper filtering of user-supplied input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to conduct an XSS attack against the targeted user.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-04
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-04
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-04
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue to extract sensitive database information such as the current database name.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-03-04
Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requests to the monthly_deposit endpoint with malicious symbol values using boolean-based blind, time-based blind, error-based, or union-based SQL injection techniques to extract sensitive database information.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-03-04
FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. Attackers can exploit the vulnerable password parameter in requests to /pages/crc_handler.php?method=login to authenticate as any known user and subsequently modify their password via the profile update function.
CVSS Score
8.2
EPSS Score
0.002
Published
2026-03-04