CVE-2026-42194

Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetchmetadata.php validates the resolved IP address but passes the original hostname-based URL to curlinit, leaving a DNS rebinding TOCTOU window that allows redirecting requests to...

SUSE CVE-2004-1392

PHP 4.0 with cURL functions allows remote attackers to bypass the openbasedir setting and read arbitrary files via a file: URL argument to the curlinit function...