Lucene search

24 matches found

Positive Technologies
added 2026/06/19 12:0 a.m. | 7 views

PT-2026-51095

Name of the Vulnerable Software and Affected Versions: miniflux-v2 (affected versions not specified). Description: URL restrictions can be bypassed, leading to an open redirect. The application uses the IsRelativePath function to validate redirect URLs by requiring relative paths and prohibiting host ...

5.1 CVSS | 5.9 AI score
Exploits 0 | References 4

CNNVD
added 2026/05/26 12:0 a.m. | 9 views

FastNetMon Security Vulnerability

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov. It is built using multiple packet capture engines. Versions of FastNetMon Community Edition prior to 1.2.9 contained security vulnerabilities. These vulnerabilities stemmed from the use of predictable file paths an...

5.5 CVSS | 5.8 AI score | 0.00127 EPSS
Exploits 0 | References 4

Cvelist
added 2026/05/11 9:42 p.m. | 50 views

CVE-2026-43899 DeepChat: Incomplete Fix for CVE-2025-55733 leads to Remote Code Execution via Markdown Links bypassing `isValidExternalUrl`

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, an incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass RCE. While the patch correctly restricted...

9.6 CVSS | 0.0033 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/03/12 12:0 a.m. | 9 views

PT-2026-25021

Unhead is a document head and template manager. Prior to 2.1.11, the link.href check in makeTagSafe (safe.ts) uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes('data...

5.9 AI score | 0.00237 EPSS
Exploits 1 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-24227

Malware in sbrugna...

6.1 CVSS | 6.1 AI score | 0.01339 EPSS
Exploits 0 | References 9

Tenable Nessus
added 2025/08/30 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-37746

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click...

6.1 CVSS | 6.4 AI score | 0.01339 EPSS
Exploits 0 | References 3

NVD
added 2025/08/28 3:15 p.m. | 2 views

CVE-2024-48908

lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2...

9.1 CVSS | 0.00359 EPSS
Exploits 0 | References 2

BDU FSTEC
added 2024/07/23 12:0 a.m. | 5 views

The vulnerability of the Anti-Malware module of the Trend Micro Deep Security Agent operating system for Windows allows a malicious actor to escalate their privileges and execute arbitrary code.

The vulnerability of the Anti-Malware module of the Trend Micro Deep Security Agent antivirus protection software for Windows operating systems is related to an incorrect determination of the link before accessing a file. Exploiting this vulnerability can allow attackers to enhance their privileg...

7.8 CVSS | 7.5 AI score | 0.00532 EPSS
Exploits 0 | References 4 | Affected Software 1

CNNVD
added 2024/04/09 12:0 a.m. | 3 views

Contao Security Vulnerability

Contao is an open source content management system (CMS) developed in PHP. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 4.x prior to version 4.13.40 and version 5.x prior to version 5.3.4, which stems from a cookie mark...

8.3 CVSS | 8.1 AI score | 0.00708 EPSS
Exploits 0 | References 6

Tenable Nessus
added 2023/04/25 12:0 a.m. | 25 views

RHEL 8 : pesign (RHSA-2023:1829)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1829 advisory. The pesign packages provide the pesign utility for signing UEFI binaries as well as other associated tools. Security Fixes: pesign: Local privilege...

5.5 CVSS | 6.4 AI score | 0.00245 EPSS
Exploits 0 | References 4

SUSE CVE
added 2023/02/15 3:39 a.m. | 3 views

SUSE CVE-2021-37746

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click...

6.1 CVSS | 6.2 AI score | 0.01339 EPSS
Exploits 0 | References 3

BDU FSTEC
added 2022/01/17 12:0 a.m. | 4 views

The vulnerability of the Node.js module for processing tar archives, Node-tar, is related to shortcomings in pathname restrictions for directories. This allows attackers to compromise data integrity and cause service failures.

The vulnerability of the Node.js module for processing tar archives with the Node-tar module is related to the possibility of bypassing the symbolic link checks for directories. Exploiting this vulnerability can allow an attacker to compromise data integrity and cause service failures...

8.1 CVSS | 6.7 AI score | 0.07795 EPSS
Exploits 0 | References 7 | Affected Software 4

Veracode
added 2021/09/08 1:10 a.m. | 6 views

Privilege Escalation

claws-mail is vulnerable to privilege escalation. The vulnerability exists due to the lack of link checks before accepting a click in textview_uri_security_check in textview.c...

6.1 CVSS | 6.5 AI score | 0.01339 EPSS
Exploits 0 | References 9 | Affected Software 1

CNNVD
added 2021/08/29 12:0 a.m. | 4 views

Trend Micro Security Link Following Vulnerability

Trend Micro Security is a suite of computer security software from Trend Micro, Inc. A back-linking vulnerability exists in Trend Micro Security Consumer, which stems from the product's failure to properly check for symbolic links to think-only directories. An attacker could exploit the...

7.8 CVSS | 5.7 AI score | 0.00456 EPSS
Exploits 0 | References 4

Mageia
added 2021/08/15 8:38 a.m. | 27 views

Updated sylpheed and claws-mail packages fix security vulnerability

Updated sylpheed and claws-mail packages fix security vulnerability: The textview_uri_security_check function in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click (CVE-2021-37746)...

6.1 CVSS | 1.8 AI score | 0.01339 EPSS
Exploits 0 | References 2

OSV
added 2021/08/15 8:38 a.m. | 7 views

MGASA-2021-0408 Updated sylpheed and claws-mail packages fix security vulnerability

Updated sylpheed and claws-mail packages fix security vulnerability: The textview_uri_security_check function in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click (CVE-2021-37746)...

6.1 CVSS | 6.3 AI score | 0.01339 EPSS
Exploits 0 | References 3

AlpineLinux
added 2021/07/30 3:15 p.m. | 21 views

CVE-2021-37746

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click...

6.1 CVSS | 6.3 AI score | 0.01339 EPSS
Exploits 0

UbuntuCve
added 2021/07/30 3:15 p.m. | 19 views

CVE-2021-37746

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click...

6.1 CVSS | 6.4 AI score | 0.01339 EPSS
Exploits 0 | References 4

Prion
added 2021/07/30 3:15 p.m. | 20 views

Code injection

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click...

5.8 CVSS | 6.1 AI score | 0.01339 EPSS
Exploits 0 | References 5 | Affected Software 3

Debian CVE
added 2021/07/30 1:17 p.m. | 27 views

CVE-2021-37746

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click...

6.1 CVSS | 6.2 AI score | 0.01339 EPSS
Exploits 0