CVE-2026-11998 AngularJS XSS via SCE resource URL sanitization bypass

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

CVE-2026-54326

Pi HTML exports in Pi (pi-coding-agent) from versions 0.74.0–0.78.0 do not consistently reject unsafe Markdown link and image URL schemes, with C0 control characters in the URL scheme able to bypass checks. This can lead to a Cross-Site Scripting (XSS) risk in the exported static HTML if untruste...

CVE-2026-50090 Aqara OAuth redirect_uri validation bypass

The Aqara Cloud OAuth Authorization Endpoint open-cn.aqara.com/oauth/authorize is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of...

CVE-2026-50090 Aqara OAuth redirect_uri validation bypass

The Aqara Cloud OAuth Authorization Endpoint open-cn.aqara.com/oauth/authorize is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of...

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2026:0183-1 Rating: important References: 1266329 1266331 1266332 1266333 1266334 1266335 1266336 1266337 Cross-References: CVE-2026-48842 CVE-2026-48843 CVE-2026-48844 CVE-2026-48845 CVE-2026-48846...

CVE-2026-45566 Roxy-WI: Open redirect on /login?next= via basic-auth userinfo syntax bypass

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or http:// substrings, then constructs https://request.hostnexturl and the JS client redirects via...

CVE-2026-40961 Apache Airflow: Open Redirect Bypass Vulnerability

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

CVE-2026-31378 Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution

Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

DeepSeek TUI has SSRF‌ IPV6 bypass

Summary Although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://::1, the SSRF defenses do not work. Details...

GHSA-7RX4-C5VX-G8W3 Karakeep SDK has SSRF via metascraper-logo-favicon that bypasses validateUrl protections

Summary The metascraper-logo-favicon plugin makes HTTP requests to URLs extracted from attacker-controlled HTML without going through the application's validateUrl SSRF protections. This allows any authenticated user to make the server fetch arbitrary internal URLs by bookmarking a page containin...

Karakeep SDK has SSRF via metascraper-logo-favicon that bypasses validateUrl protections

Summary The metascraper-logo-favicon plugin makes HTTP requests to URLs extracted from attacker-controlled HTML without going through the application's validateUrl SSRF protections. This allows any authenticated user to make the server fetch arbitrary internal URLs by bookmarking a page containin...

CVE-2026-43899 DeepChat: Incomplete Fix for CVE-2025-55733 leads to Remote Code Execution via Markdown Links bypassing `isValidExternalUrl`

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass RCE. While the patch correctly restricted...

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the sendPhoto process. An attacker can cause unauthorized requests to internal or external resources by supplying a crafted outbound photo URL tha...

EUVD-2026-22134

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

MiracleLinux 8 : nodejs:18 (AXSA:2024-8777:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8777:01 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restrictio...

CVE-2024-32643 Masa CMS vulnerable to authentication bypass with /tag/

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the page is modified to include a /tag/ declaration, the CMS will render the page regardless of group restrictions. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6...

CVE-2025-65019 Astro Cloudflare adapter has a Stored Cross Site Scripting vulnerability in /_image endpoint

Astro is a web framework. Prior to version 5.15.9, when using Astro's Cloudflare adapter @astrojs/cloudflare with output: 'server', the image optimization endpoint /image contains a critical vulnerability in the isRemoteAllowed function that unconditionally allows data: protocol URLs. This enable...

EUVD-2016-3641

Malware in sbrugna...

EUVD-2017-16890

Malware in sbrugna...