CVE-2026-43993 JunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service access

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1...

CVE-2026-43993 JunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service access

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1...

CVE-2026-42260

Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for agent web search and content retrieval. Prior to 2.1.7, isPublicHttpUrl / assertPublicHttpUrl in src/utils/urlSafety.ts do not recognize bracketed IPv6 literals and do not resolve DNS, which combine to allow non-blind SSRF wit...

CVE-2026-30810

Pandora FMS versions 777–800 have a Server-Side Request Forgery vulnerability that enables privilege escalation via the API Checker extension (CVE-2026-30810). The CVSSv4 base score is 7.1 (HIGH) with NETWORK vector, LOW attack complexity, and LOW privileges required. Documents confirm SSRF and p...

CVE-2026-30810 Server-Side Request Forgery in API Checker leads to Privilege Escalation

Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800...

CVE-2026-42641

Server-Side Request Forgery SSRF vulnerability in ILLID Share This Image share-this-image allows Server Side Request Forgery.This issue affects Share This Image: from n/a through = 2.14...

CVE-2026-42260

Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for agent web search and content retrieval. Prior to 2.1.7, isPublicHttpUrl / assertPublicHttpUrl in src/utils/urlSafety.ts do not recognize bracketed IPv6 literals and do not resolve DNS, which combine to allow non-blind SSRF wit...

dssrf 安全漏洞

DSSRF is a URL and network verification library developed by RelunSec’s individual developers, designed for defending against SSRF vulnerabilities. Versions of DSSRF prior to 1.3.0 contained security vulnerabilities, which stemmed from the ability to bypass the isurlsafe check for each IPv6...

Pandora FMS 代码问题漏洞

Pandora FMS is a monitoring system developed by the American company Pandora FMS. This system provides visual monitoring of networks, servers, virtual infrastructure, and applications. There are code vulnerabilities in versions 777 to 800 of Pandora FMS, which stem from server-side request forger...

JunoClaw 代码问题漏洞

JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions of JunoClaw prior to 0.x.y-security-1 contained code vulnerabilities. These vulnerabilities stemmed from the computeDataVerify function in the WAVS bridge, which did not validate the protocol, port, or parse the IP...

PT-2026-40548

Name of the Vulnerable Software and Affected Versions SillyTavern versions prior to 1.18.0 Description SillyTavern is a locally installed user interface for interacting with large language models, image generation engines, and text-to-speech voice models. The corsProxyMiddleware function forwards...

CVE-2026-42188 Geyser: Server-Side Request Forgery (SSRF) via Player Head Texture URL

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

CVE-2026-42188

CVE-2026-42188 (Geyser SSRF) : A server-side request forgery vulnerability exists in Geyser’s handling of Bedrock player head textures. Before version 2.9.3, a crafted Base64-encoded skin texture URL supplied via the /give command can cause the Minecraft server to issue arbitrary HTTP GET request...

CVE-2026-44286

FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery SSRF vulnerability allows attackers or authenticated users with App editing privileges to send arbitrary HTTP requests to internal/private network addresses. The fetchData function i...

CVE-2026-44313

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery SSRF vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP requests to internal...

CVE-2026-42261

PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body up t...

GHSA-FJ2M-QVH9-JQ4Q local-deep-research is Vulnerable to HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)

Summary PDFService.markdowntohtml constructs an HTML document by interpolating user-controlled values — specifically title sourced from research.title or research.query and metadata key-value pairs — directly into an f-string without any HTML escaping. An authenticated attacker can craft a resear...

local-deep-research is Vulnerable to HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)

Summary PDFService.markdowntohtml constructs an HTML document by interpolating user-controlled values — specifically title sourced from research.title or research.query and metadata key-value pairs — directly into an f-string without any HTML escaping. An authenticated attacker can craft a resear...

CVE-2026-8320 jishenghua jshERP updatePlatformConfigByKey Endpoint UserService.java getUserByWeixinCode server-side request forgery

A security vulnerability has been detected in jishenghua jshERP up to 3.6. This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java of the component updatePlatformConfigByKey Endpoint. Such manipulation of the argument weixinUrl lead...

CVE-2026-8320

CVE-2026-8320 affects jishenghua jshERP up to 3.6. The vulnerability is in the getUserByWeixinCode function of jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java within the updatePlatformConfigByKey Endpoint. Manipulating the weixinUrl argument leads to server-side request forgery (SS...