4 matches found
CVE-2026-21885
Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery (SSRF). An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...
PT-2024-28014 · Xenforo · Xenforo
Name of the Vulnerable Software and Affected Versions: Xenforo versions prior to 2.2.16. Description: The issue allows code injection. Recommendations: For versions prior to 2.2.16, update to version 2.2.16 or later to resolve the issue...
GHSA-FR28-569J-53C4 Django Incorrect Default Permissions
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077...
PT-2012-2407 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: apache2 versions prior to 2.2.16-6+squeeze7; apache2 versions prior to 2.2.22-4. Description: The default configuration of the apache2 package, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI. This might allow loc...