Astra Linux – Vulnerability in Firefox

If temporary “one-time” permissions, such as the ability to use the Camera, are granted to a document loaded using a file: URL, those permissions persist in that tab for all other documents loaded from the same file: URL. This is potentially dangerous if the local files come from different source...

GHSA-HGQW-6M45-HW5F Streamlink has an arbitrary local file read via file:// URI in HLS and DASH

Summary Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file as a segment, and streamlink will read that local file and write its contents to the output stream...

CVE-2026-42307

Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...

UBUNTU-CVE-2026-42307

Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...

CVE-2026-42307

Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...

Server-side Request Forgery (SSRF)

Overview github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the convertUrlRoute and screenshotUrlRoute processes. An attacker can access sensitive files...

CVE-2026-43577

OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions...

PT-2026-38232

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.9 Description A file read issue allows attackers to bypass navigation guards through browser act/evaluate interactions. This enables attackers to pivot into the local Chrome DevTools Protocol CDP origin and...

Astra Linux – Vulnerability in Firefox

A compromised web child process could disable web security opening restrictions, resulting in a new child process being spawned within the file:// context. With a reliable exploit primitive, this new process could be exploited again, leading to arbitrary file reading. This vulnerability affects...

CVE-2026-41177

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

CVE-2026-41177 Squidex has Blind SSRF via file:// Protocol in Restore API leading to Local File Interaction

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

CVE-2026-41177

CVE-2026-41177 — Squidex Restore API Blind SSRF : The Restore API in Squidex (pre-7.23.0) fails to validate the URI scheme of the user-supplied Url parameter, allowing an authenticated administrator to trigger the backend to access the local filesystem via a file:// URL. This can lead to Local Fi...

EUVD-2026-25110

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

CVE-2026-41177 Squidex has Blind SSRF via file:// Protocol in Restore API leading to Local File Interaction

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

Squidex 安全漏洞

Squidex is an open-source content management system developed by Squidex. Versions of Squidex prior to 7.23.0 contained security vulnerabilities. These vulnerabilities stemmed from the Restore API not verifying the URI scheme of the URL parameters provided by users. The use of the file:// protoco...

PT-2026-34572

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

CVE-2026-35187

pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the parseurls API function in src/pyload/core/api/init.py fetches arbitrary URLs server-side via geturlurl pycurl without any URL validation, protocol restriction, or IP blacklist. An authenticated...

CVE-2026-35187

CVE-2026-35187 affects pyload/pyload-ng prior to 0.5.0b3.dev97, where parse_urls(...) calls get_url(url) without URL validation, protocol restriction, or IP blacklist. This enables Server-Side Request Forgery (SSRF) via crafted URLs and multi‑protocol support (http/https, file://, gopher://, dict...

EUVD-2026-19360

Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...

PT-2026-30319

Vulnerability Details CWE-918: Server-Side Request Forgery SSRF The parse urls API function in src/pyload/core/api/ init .py line 556 fetches arbitrary URLs server-side via get urlurl pycurl without any URL validation, protocol restriction, or IP blacklist. An authenticated user with ADD permissi...