Lucene search

27 matches found

CVE | added 6 days ago | 15 views

CVE-2026-42965

CVE-2026-42965 affects the OpenShift Router. The issue arises when a user with EndpointSlice write access creates a Service backed by an FQDN EndpointSlice that resolves to a cloud metadata endpoint, allowing the router to proxy requests to that endpoint and disclose instance credentials and othe...

CVSS 7.7 | AI score 5.7 | EPSS 0.00028
Exploits 0 | References 2
Vulnrichment | added 6 days ago | 9 views

CVE-2026-42965 Openshift/router: openshift/router: cloud metadata ssrf via fqdn-typed endpointslice bypasses destination validation

A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud...

CVSS 7.7 | AI score 5.7 | EPSS 0.00028
Exploits 0 | References 2
NVD | added 2026/05/12 10:16 p.m. | 5 views

CVE-2026-44258

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfindercheckRisk function validates target and targets for path traversal and home containment, but does not validate the dst destination parameter used by elfinderpaste. An attacker can copy or move files from within the home...

CVSS 9.3 | EPSS 0.00062
Exploits 0 | References 1
ATTACKERKB | added 2026/05/12 9:05 p.m. | 2 views

CVE-2026-44258

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfindercheckRisk function validates target and targets for path traversal and home containment, but does not validate the dst destination parameter used by elfinderpaste. An attacker can copy or move files from within the home...

CVSS 9.3 | AI score 5.9 | EPSS 0.00062
Exploits 0 | References 2 | Affected Software 1
OSV | added 2026/04/29 9:57 p.m. | 3 views

GHSA-P9W9-87C8-M235 Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest

Summary The SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the registered ACS URL smcacsurl stored in the database for the...

CVSS 8.2 | AI score 6 | EPSS 0.00018
Exploits 0 | References 4
RedhatCVE | added 2026/04/06 10:57 a.m. | 3 views

CVE-2026-34954

PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.downloadfile in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with followredirects=True. An attacker who controls the URL can reach any...

CVSS 8.6 | AI score 5.8 | EPSS 0.00022
Exploits 1 | References 1
CVE | added 2026/03/31 5:39 p.m. | 4 views

CVE-2026-32113

Summary: CVE-2026-32113 affects Discourse, where the enter action in StaticController can read the sso_destination_url cookie and redirect to that URL with allow_other_host: true without validating the destination. This creates an open-redirect risk when SSO cookies are client-controlled. Affecte...

CVSS 6.1 | AI score 5.7 | EPSS 0.00071
Exploits 0 | References 4 | Affected Software 1
RedhatCVE | added 2026/02/21 1:30 a.m. | 2 views

CVE-2026-26957

Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal...

CVSS 6.9 | AI score 5.7 | EPSS 0.00061
Exploits 0 | References 1
RedhatCVE | added 2026/02/09 1:33 a.m. | 4 views

CVE-2026-25566

WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially...

CVSS 7.1 | AI score 5.3 | EPSS 0.00012
Exploits 0 | References 1
Cvelist | added 2026/02/07 9:58 p.m. | 26 views

CVE-2026-25566 WeKan < 8.19 Cross-board Card Move Without Destination Authorization

WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially...

CVSS 7.1 | EPSS 0.00012
Exploits 0 | References 3
CVE | added 2026/02/07 9:58 p.m. | 8 views

CVE-2026-25566

The connected documents confirm a concrete vulnerability in WeKan versions prior to 8.19: an authorization flaw in the card move logic allows a user to specify a destination board, list, or swimlane without proper authorization checks and without validating that the destination items belong to th...

CVSS 7.1 | AI score 5.4 | EPSS 0.00012
Exploits 0 | References 3 | Affected Software 1
Snyk | added 2026/01/29 3:15 p.m. | 3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the copyFile function, which fails to validate the dest parameter. An attacker can write files to arbitrary locations on the filesystem by supplying crafted paths, potentially leading to execution of malicious co...

CVSS 9.4 | AI score 6.5 | EPSS 0.00242
Exploits 1 | References 2
Vulnrichment | added 2026/01/19 5:01 p.m. | 1 view

CVE-2026-23531 FreeRDP has heap-buffer-overflow in clear_decompress

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when glyphData is present, cleardecompress calls freerdpimagecopynooverlap without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates...

CVSS 8.7 | AI score 5.9 | EPSS 0.00175
Exploits 1 | References 3
NVD | added 2025/09/24 8:15 p.m. | 3 views

CVE-2025-59824

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to version 0.48.0, Omni Wireguard SideroLink has the potential to escape. Omni and each Talos machine establish a peer-to-peer P2P SideroLink connection using WireGuard to mutually authenticate and authorize access. The...

CVSS 5.4 | EPSS 0.00031
Exploits 0 | References 2
Github Security Blog | added 2025/09/24 6:57 p.m. | 9 views

Omni Wireguard SideroLink potential escape

Overview Omni and each Talos machine establish a peer-to-peer P2P SideroLink connection using WireGuard to mutually authenticate and authorize access. In this setup, Omni assigns a random IPv6 address to each Talos machine from a /64 network block. Omni itself uses the fixed ::1 address within th...

CVSS 5.4 | AI score 7.1 | EPSS 0.00031
Exploits 0 | References 5 | Affected Software 1
OSV | added 2025/09/24 6:57 p.m. | 3 views

GHSA-HQRF-67PM-WGFQ Omni Wireguard SideroLink potential escape

Overview Omni and each Talos machine establish a peer-to-peer P2P SideroLink connection using WireGuard to mutually authenticate and authorize access. In this setup, Omni assigns a random IPv6 address to each Talos machine from a /64 network block. Omni itself uses the fixed ::1 address within th...

CVSS 2.1 | AI score 7.1 | EPSS 0.00031
Exploits 0 | References 5
SUSE CVE | added 2025/09/19 11:23 p.m. | 2 views

SUSE CVE-2025-39850

In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix NPD in arp,neighreduce when using nexthop objects When the "proxy" option is enabled on a VXLAN device, the device will suppress ARP requests and IPv6 Neighbor Solicitation messages if it is able to reply on behalf of...

CVSS 5.5 | AI score 6.3 | EPSS 0.00013
Exploits 0 | References 21
OSV | added 2025/09/03 10:11 p.m. | 1 view

GHSA-HJ6F-7HP7-XG69 Mautic vulnerable to SSRF via webhook function

Summary Users with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed Details When sending webhooks, the destination is not validated, causing SSRF. Impact Bypass of firewalls to interact with interna...

CVSS 2.7 | AI score 6.7 | EPSS 0.00048
Exploits 0 | References 5
NVD | added 2025/09/03 10:15 a.m. | 2 views

CVE-2025-9821

Summary: Users with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed. Details: When sending webhooks, the destination is not validated, causing SSRF. Impact: Bypass of firewalls to interact with internal...

CVSS 2.7 | EPSS 0.00048
Exploits 0 | References 1
OSV | added 2024/06/21 11:15 a.m. | 1 view

DEBIAN-CVE-2024-38621

In the Linux kernel, the following vulnerability has been resolved: media: stk1160: fix bounds checking in stk1160copyvideo The subtract in this condition is reversed. The -length is the length of the buffer. The -bytesused is how many bytes we have copied thus far. When the condition is reversed...

CVSS 7.1 | AI score 5.8 | EPSS 0.00013
Exploits 0 | References 1