NVD HIGH: CVE-2026-9372 — A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affec...

Sunday, May 24, 2026 at 11:16 AM UTC·Source: NIST NVD

Updated: Friday, May 29, 2026 at 05:00 AM UTC

Executive Summary

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early throu

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-9372

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 24, 2026. Verified by: NIST.

Related Threats

CRITICALVulnerabilityNEW

CISA flags two-year-old Oracle flaw as actively exploited in attacks

CISA has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploited in attacks. [...]

44m agoBleepingComputer

CRITICALVulnerabilityNEW

Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches

A stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device. The post Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches appeared first on SecurityWeek .

58m agoSecurityWeek

MEDIUMVulnerability

Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked

Jason Koebler reports: Hackers say that they used Meta’s AI support chatbot to break into a host of high-profile Instagram profiles by asking the support bot to change the email address associated with the target account. The claims coincide with a series of high-profile Instagram account takeovers, including the Barack Obama White House account, the Chief Master... Source

1h agoDataBreaches.net