CouchCMS 代码问题漏洞

CouchCMS is an open-source content management system CMS designed for designers. Version 2.2.1 of CouchCMS has a code vulnerability caused by server-side request forgeing issues. This vulnerability could allow authenticated attackers to initiate arbitrary HTTP requests by uploading malicious SVG...

oinone-pamirs 代码问题漏洞

Oinone-Pamirs is an AI-driven low-code development framework developed by Oinone. Version 7.0.0 of Oinone-Pamirs contains code vulnerabilities. These vulnerabilities stem from the XML parsing logic based on XStream. When attacker-controlled XML is passed to the framework’s parsing points, such as...

Open WebUI 代码问题漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.5.11 have code vulnerabilities. These vulnerabilities stem from the PDF export feature, where user input is interpreted as HTML and embedded in PDFs. Additionally,...

Open WebUI < 0.9.5 Multiple Vulnerabilities

The version of Open WebUI running on the remote host is prior to 0.9.5. It is, therefore, affected by multiple vulnerabilities: - An insecure direct object reference IDOR vulnerability in the retrieval API allows any authenticated user who knows a private knowledge base UUID to bypass access...

Adobe Substance 3D Designer <= 15.1.0 Multiple Vulnerabilities (APSB26-52)

The version of Adobe Substance 3D Designer installed on the remote host is prior or equal to 15.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-52 advisory. - Substance3D - Designer versions 15.1.0 and earlier are affected by a Server-Side Request Forgery...

Open WebUI 代码问题漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 had code vulnerabilities. These vulnerabilities stemmed from the processpictureurl function, which extracted arbitrary URLs from OAuth image claims without...

Open WebUI 输入验证错误漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Prior to Open WebUI 0.9.3, there was a vulnerability related to input validation errors. This vulnerability stemmed from the image upload feature’s cross-site request forgeing mechanism, which could...

CVE-2026-39053

Oinone Pamirs 7.0.0 contains an XML External Entity XXE issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...

PT-2026-41339

CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal service...

WordPress plugin Notify Odoo 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-41394

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.34.8 Description An authenticated user can trigger server-side requests to internal network addresses. This occurs because the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses...

PT-2026-41315

Name of the Vulnerable Software and Affected Versions LibJWT versions 3.0.0 through 3.3.2 Description LibJWT accepts an RSA JSON Web Key JWK lacking an alg parameter as the verification key for HS256, HS384, or HS512 tokens. When using the OpenSSL backend, this results in HMAC verification...

PT-2026-41396

Impact An attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects u ri puk idp enc and uri puk idp sig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challenge...

PT-2026-41305

Oinone Pamirs 7.0.0 contains an XML External Entity XXE issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...

PT-2026-41268

Name of the Vulnerable Software and Affected Versions FOX – Currency Switcher Professional for WooCommerce versions prior to 1.4.6 Description The plugin is susceptible to unauthorized data loss because the admin head function lacks a proper capability check. Authenticated users with...

Fujitsu Musetheque V4 跨站请求伪造漏洞

Fujitsu Musetheque V4 is a digital archive and collection information management system developed by Fujitsu for museums and cultural institutions. Versions of Fujitsu Musetheque V4 prior to rev2203.0 contained a cross-site request forgeing vulnerability. This vulnerability arises from cross-site...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the HTTP-based namespace verification process. An attacker can access internal or private network resources by supplying specially crafted IPv6 addresses that bypass the intended address allowlist...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength due to insufficient enforcement of length and entropy requirements for the JWTSECRET configuration value. An attacker can gain unauthorized access to user accounts by forging authentication tokens using we...

CVE-2026-44430

CVE-2026-44430 affects the MCP Registry: unauthenticated SSRF via the HTTP namespace verification that dials attacker-controlled domains. The root cause is an allowlist that only covers classic IPv4-derived categories and a manual CGNAT range, while omitting IPv6 prefixes that embed IPv4—specific...

CVE-2026-44430 MCP Registry: Unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling...