PT-2026-3253

Name of the Vulnerable Software and Affected Versions Nu Html Checker versions prior to commit 23f090a11bab8d0d4e698f1ffc197a4fe226a9cd Description The Nu Html Checker validator.nu is susceptible to a restriction bypass that enables remote attackers to initiate arbitrary HTTP/HTTPS requests to...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001376)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001376 advisory. In the Linux kernel before 5.4.2, the iouring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004239)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004239 advisory. In the Linux kernel before 5.4.2, the iouring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001258)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001258 advisory. The ipcmsgrecvchecksum function in net/ipv4/ipsockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002818)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002818 advisory. The ipcmsgrecvchecksum function in net/ipv4/ipsockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002802)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002802 advisory. The ipcmsgrecvchecksum function in net/ipv4/ipsockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users...

BIT-MASTODON-2026-22245 Mastodon has SSRF Protection bypass

Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses unless specified in ALLOWEDPRIVATEADDRESSES to...

CVE-2026-22245

Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses unless specified in ALLOWEDPRIVATEADDRESSES to...

CVE-2018-12301

Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost...

CVE-2022-35942

Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data...

CVE-2026-22245

Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses unless specified in ALLOWEDPRIVATEADDRESSES to...

EUVD-2026-1674

Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses unless specified in ALLOWEDPRIVATEADDRESSES to...

CVE-2026-22245 Mastodon has SSRF Protection bypass

Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses unless specified in ALLOWEDPRIVATEADDRESSES to...

CVE-2026-22245 Mastodon has SSRF Protection bypass

Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses unless specified in ALLOWEDPRIVATEADDRESSES to...

CVE-2026-22245 Mastodon has SSRF Protection bypass

Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses unless specified in ALLOWEDPRIVATEADDRESSES to...

PT-2026-2181

Name of the Vulnerable Software and Affected Versions Mastodon versions 4.2.29, 4.3.17, 4.4.11, and 4.5.4 Description Mastodon is a social network server that makes outbound requests to user-provided domains. A protection mechanism exists to disallow requests to local IP addresses, intended to...

Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources

Summary Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs embedded in feed entry content, including internal addresse...

PT-2026-6127

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the vsock/virtio subsystem related to buffer coalescing in the receive queue. Specifically, the code attempts to join a linear skb socket buffer...

PT-2026-27669

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the ipv6 subsystem, specifically within the ip6 rt get dev rcu function. The issue arises when the l3mdev master dev rcu function returns NULL during...

PT-2026-27665

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s IPv6 networking subsystem. Specifically, a panic can occur when an IPv4 route references a loopback IPv6 nexthop. This happens because fib6 nh init...