
43 matches found

ATTACKERKB
added 6 days ago | 8 views

CVE-2026-45609

mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol (MCP) security specifications. Specifically, it processes untrusted...

CVSS 7.2 | AI score 5.8 | EPSS 0.00027
Exploits 0 | References 2 | Affected Software 1
Tenable Nessus
added 2026/05/14 12:0 a.m. | 3 views

Unity Linux 20.1070a Security Update: git (UTSA-2026-021309)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021309 advisory. Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals...

CVSS 4.7 | AI score 6 | EPSS 0.01141
Exploits 0 | References 4
CVE
added 2026/05/13 9:29 p.m. | 8 views

CVE-2026-44439

PlaywrightCapture is vulnerable prior to version 1.39.6: an attacker-controlled page could abuse browser redirect mechanisms (e.g., window.location.href) to cause the capture process to open file:// URLs or access resources at private/loopback/non-public IPs, enabling potential SSRF and leakage o...

CVSS 8.7 | AI score 5.8 | EPSS 0.00052
Exploits 0 | References 2 | Affected Software 1
Snyk
added 2026/05/07 3:15 a.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: docling-graph is a tool to convert documents into knowledge graphs using Docling. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the URLInputHandler process. An attacker can access internal network resources or sensitive cloud metadata by...

CVSS 6.9 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 3
Positive Technologies
added 2026/05/06 12:0 a.m. | 5 views

PT-2026-38317

Name of the Vulnerable Software and Affected Versions: Playwright Capture (affected versions not specified). Description: Playwright Capture fails to sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page can abuse browser-side redirection...

CVSS 8.7 | AI score 5.8 | EPSS 0.00052
Exploits 0 | References 8
Vulnrichment
added 2026/03/31 2:41 p.m. | 1 views

CVE-2026-4799 Open redirect vulnerability in Search Guard Kibana Plugin via manipulated requests

In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL...

CVSS 4.3 | AI score 5.8 | EPSS 0.00033
Exploits 0 | References 2
Positive Technologies
added 2026/03/31 12:0 a.m. | 2 views

PT-2026-29273

In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL...

CVSS 4.3 | AI score 5.8 | EPSS 0.00033
Exploits 0 | References 3
Positive Technologies
added 2026/03/03 12:0 a.m. | 4 views

PT-2026-26012

Summary: openclaw web tools strict URL fetch paths could lose DNS pinning when environment proxy variables are configured (HTTP_PROXY/HTTPS_PROXY/ALL_PROXY, including lowercase variants). In affected builds, strict URL checks (for example web fetch and citation redirect resolution) validated one...

CVSS 6.4 | AI score 5.8 | EPSS 0.00066
Exploits 0 | References 9
Tenable Nessus
added 2026/01/14 12:0 a.m. | 4 views

TencentOS Server 3: git (TSSA-2025:0995)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0995 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 8.6 | AI score 8.3 | EPSS 0.01141
Exploits 11 | References 8
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-18379

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 6.6 | EPSS 0.00043
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-1471

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00233
Exploits 0 | References 7
RedhatCVE
added 2025/06/18 9:20 a.m. | 3 views

CVE-2025-2091

An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs...

CVSS 5.4 | AI score 6.2 | EPSS 0.00043
Exploits 0 | References 1
OSV
added 2025/06/16 9:15 a.m. | 3 views

CVE-2025-2091

An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs...

CVSS 5.4 | AI score 5.8 | EPSS 0.00043
Exploits 0 | References 2
NVD
added 2025/06/16 9:15 a.m. | 5 views

CVE-2025-2091

An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs...

CVSS 5.4 | EPSS 0.00043
Exploits 0 | References 2
Cvelist
added 2025/06/16 8:27 a.m. | 14 views

CVE-2025-2091 Open redirection in M-Files Mobile

An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs...

CVSS 4.8 | EPSS 0.00043
Exploits 0 | References 2
Vulnrichment
added 2025/06/16 8:27 a.m. | 2 views

CVE-2025-2091 Open redirection in M-Files Mobile

An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs...

CVSS 4.8 | AI score 6.2 | EPSS 0.00043
Exploits 0 | References 2
Positive Technologies
added 2025/06/16 12:0 a.m. | 2 views

PT-2025-25531 · M Files · My Files

Name of the Vulnerable Software and Affected Versions: M-Files mobile applications for Android and iOS versions prior to 25.6.0 Description: An open redirection issue allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs. This can be...

CVSS 4.8 | AI score 6.2 | EPSS 0.00043
Exploits 0 | References 5
OSV
added 2025/04/14 11:3 a.m. | 11 views

BIT-GIT-2024-52006 Newline confusion in credential helpers can lead to credential exfiltration in git

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems mos...

CVSS 7.5 | AI score 7.5 | EPSS 0.01025
Exploits 2 | References 6
OSV
added 2025/04/14 11:3 a.m. | 12 views

BIT-GIT-2024-50349 Git does not sanitize URLs when asking for credentials interactively

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the host name for whic...

CVSS 4.7 | AI score 6.6 | EPSS 0.01141
Exploits 0 | References 5
Tenable Nessus
added 2025/03/20 12:0 a.m. | 10 views

EulerOS 2.0 SP12 : git (EulerOS-SA-2025-1296)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full...

CVSS 9.3 | AI score 7.6 | EPSS 0.37878
Exploits 2 | References 3