Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation

Summary The /api/action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...

GHSA-GQ96-5PFX-F4VC Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation

Summary The /api/action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...

CVE-2026-10861

An open redirect vulnerability existed in MISP UsersController::routeafterlogin because the value stored in the preloginrequestedurl session key was used as the post-login redirect destination without sufficiently enforcing that it was a local application path. An unauthenticated remote attacker...

PT-2026-46889

Summary The /api/ action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...

PT-2026-46863

Summary The /api/ action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...

EUVD-2026-31380

Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with...

CVE-2026-8139

Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with...

CVE-2026-8139 Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName

Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with...

CVE-2026-8139 Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName

Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with...

CVE-2026-8139

Concrete CMS versions 9.5.0 and earlier are vulnerable to stored XSS on the external-link page cvName due to updateCollectionAliasExternal bypassing sanitization. The issue is triggered by the sanitize bypass in updateCollectionAliasExternal, enabling stored scripts delivered to users. Affected p...

CVE-2026-8139

Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with...

PT-2026-42581

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description Stored Cross-Site Scripting XSS occurs via the 'external-link' page cvName because the updateCollectionAliasExternal function bypasses sanitization. Stored XSS is a flaw where malicious scripts...

CVE-2026-43899

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass RCE. While the patch correctly restricted...

CVE-2026-43899 DeepChat: Incomplete Fix for CVE-2025-55733 leads to Remote Code Execution via Markdown Links bypassing `isValidExternalUrl`

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass RCE. While the patch correctly restricted...

CVE-2026-44113

creationtimestamp| type| source ---|---|--- 2026-05-06 21:44:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml7octvlei2p 2026-05-19 18:30:06+00:00| seen| https://t.me/truesecator/8221...

Cross-site Scripting (XSS)

Overview org.apache.wicket:wicket-core is a Java web application framework that takes simplicity, separation of concerns and ease of development to a whole new level. Wicket pages can be mocked up, previewed and later revised using standard WYSIWYG HTML design tools. Dynamic content processing an...

Cross-site Scripting (XSS)

Overview org.apache.wicket:wicket-extensions is a rich component library for the Wicket framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper neutralization of JavaScript in PopupSettings.java‎, Link.java, and ExternalLink.java markup. An attacker ca...

CVE-2026-26210

creationtimestamp| type| source ---|---|--- 2026-04-23 23:27:09+00:00| published-proof-of-concept| Telegram/kiTcjsXT1hi2Y3u94e7GhzIuEtNJE-kdjO7sui75MorBPg 2026-04-24 02:03:29+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mk7gpvyqbh2y 2026-04-25 01:10:56+00:00| seen|...

Malicious code in @bmg-web/bmg-external-link (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6373b00808251dd64521cfb1864a0bf382c5df23e976984dea8dbebf925bbb63 The package @bmg-web/bmg-external-link was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2987 Malicious code in @bmg-web/bmg-external-link (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6373b00808251dd64521cfb1864a0bf382c5df23e976984dea8dbebf925bbb63 The package @bmg-web/bmg-external-link was found to contain malicious code. Source: ossf-package-analysis...