CVE-2026-40168

Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the initially supplied URL and blocks direct private/internal hosts, it does not re-validate the final destination after HTTP redirects. As a...

Exposure of Resource to Wrong Sphere

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the handling of shared reply MEDIA references, where paths are treated as trusted. An attacker can cause unauthorized access to local files by...

PT-2026-31033

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects non release branches...

Server-side Request Forgery (SSRF)

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadbytesfromurl function. An attacker can cause the server to make arbitrary HTTP or HTTPS requests to...

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to DNS rebinding protection being disabled by default in HTTP-based servers using StreamableHTTPHandler or SSEHandler. An attacker can access internal resources or invoke tools exposed by...

Intel Processors 安全漏洞

Intel Processors are a series of processors developed by the American company Intel. There are security vulnerabilities in Intel Processors, which stem from the exposure of resources to incorrect ranges, potentially leading to information leaks. System software attackers with privileged access...

CVE-2026-27567

Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery SSRF vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an...

CVE-2026-1997

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing CORS is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedd...

USN-7981-1 wlc vulnerabilities

It was discovered that wlc did not correctly handle SSL verification. An attacker could possibly use this issue to access sensitive resources. CVE-2026-22250 It was discovered that wlc did not correctly handle API keys. An attacker could possibly use this issue to leak API keys to a malicious...

EUVD-2026-3774

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

CVE-2026-23944

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.13.2, unauthenticated requests could be proxied to remote environment agents, allowing access to remote environment resources without authentication. The environment proxy middleware handled...

CVE-2026-1180

A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using privatekeyjwt. The issue allows a client to specify an arbitrary jwksuri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the...

CVE-2021-0382

In checkSlicePermission of SliceManagerService.java, there is a possible resource exposure due to an incorrect permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

CVE-2025-64180

The vulnerability CVE-2025-64180 affects Manager-io/Manager Desktop and Server (versions 25.11.1.3085 and earlier). The issue stems from a TOCTOU race condition in the DNS validation mechanism, allowing an attacker to bypass network isolation and access internal resources, cloud metadata endpoint...

PT-2025-44315

Name of the Vulnerable Software and Affected Versions BLU-IC2 versions through 1.19.5 BLU-IC4 versions through 1.19.5 Description The software is susceptible to a resource lacking authentication issue. This allows unauthorized access to resources. Recommendations Update BLU-IC2 to a version later...

Siemens SIMATIC Devices Exposure of Resource to Wrong Sphere (CVE-2024-36959)

In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrldttomap If we fail to allocate propname buffer, we need to drop the reference count we just took. Because the pinctrldtfreemaps includes the droping operation, here we call it...

EUVD-2012-4348

Malware in sbrugna...

EUVD-2017-10280

Malware in sbrugna...

EUVD-2019-13765

Malware in sbrugna...

EUVD-2020-0732

Malware in sbrugna...