CVE-2026-54304 n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download...

Malicious code in share-anything-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 290f9dadaf589349dd8a7c641450aca713a6ead63b2ba685c15e4e6a37ab3b07 The package's package.json declares a postinstall lifecycle hook "postinstall": "node install.js" that runs install.js automatically on npm install...

Malicious code in use-context-selector-tony (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dde262b1fecc08fe5853c4ec7ada6c3c3746a6e7afb5bd18c33d5adfa03843c This package is a name-squat of the popular use-context-selector library and ships a postinstall script dist/postinstall.js / src/postinstall.js that...

Origin Validation Error

Overview cinny is a Yet another matrix client Affected versions of this package are vulnerable to Origin Validation Error in the process that handles emoji pack avatar URLs in the service worker. An attacker can obtain a victim's access token by crafting a malicious emote pack with an...

CVE-2026-35572

ChurchCRM is an open-source church management system. Prior to 6.5.3, it is possible to trigger server-side HTTP/HTTPS requests to arbitrary hosts SSRF by supplying a crafted URL in the Referer request header. The server subsequently makes an outbound request to the attacker-controlled domain,...

CVE-2026-35036

Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, Ech0 implements link preview editor fetches a page title through GET /api/website/title. That is legitimate product behavior, but the implementation is unsafe: the route is unauthenticated, accepts ...

OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)

Summary SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions Incomplete Fix for CVE-2026-28476 Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24...

Exploit for CVE-2026-26801

pdfmake SSRF Vulnerability PoC Vulnerability Summary | Fi...

Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL

Summary Centrifugo is vulnerable to Server-Side Request Forgery SSRF when configured with a dynamic JWKS endpoint URL using template variables e.g. tenant. An unauthenticated attacker can craft a JWT with a malicious iss or aud claim value that gets interpolated into the JWKS fetch URL before the...

EUVD-2026-11716

Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL...

CVE-2026-32301

Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery SSRF when configured with a dynamic JWKS endpoint URL using template variables e.g. tenant. An unauthenticated attacker can craft a JWT with a malicious iss or...

CVE-2026-32096

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery SSRF vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to an...

GHSA-7R34-79R5-RCC9 MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers

Summary An unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL by supplying two custom HTTP headers without an Authorization header. No authentication is required. The...

CVE-2025-11864

A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound Request Handler. Such manipulation of the argument https/ip/port/path/headers leads to server-side request forgery. The...

CVE-2025-11864 NucleoidAI Nucleoid Outbound Request cluster.ts extension.apply server-side request forgery

A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound Request Handler. Such manipulation of the argument https/ip/port/path/headers leads to server-side request forgery. The...

CVE-2025-11864

CVE-2025-11864 affects NucleoidAI Nucleoid up to 0.7.10. The vulnerable element is the function extension.apply in /src/cluster.ts of the Outbound Request Handler. Manipulation of the argument https/ip/port/path/headers can lead to server-side request forgery (SSRF). The attack can be performed r...

Nucleoid 代码问题漏洞

Nucleoid is a neural symbolic AI with a knowledge graph open-sourced by Nucleoid. A code issue vulnerability exists in Nucleoid 0.7.10 and earlier versions, which stems from incorrect manipulation of the parameter https/ip/port/path/headers of the function extension.apply of the component Outboun...

EUVD-2022-35112

Malicious code in bioql PyPI...

Deno 安全漏洞

Deno is open source a simple , modern and secure JavaScript and TypeScript runtime environment . It uses V8 and is built with Rust. A security vulnerability exists in Deno version 1.34.0, denoruntime version 0.114.0, which stems from an incorrectly checked outbound HTTP request made using the...

golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters

A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an...