GHSA-WQP7-X3PW-XC5R Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Summary When serving static files on Windows, StaticFiles resolves the requested path with os.path.realpath. If a UNC path such as \attacker.com\share reaches the resolver, realpath causes the process to open a connection to the remote host over SMB port 445. This is a server-side request forgery...

EUVD-2026-36725

Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...

PT-2026-49575

Summary The launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled SMB server. This can result ...

CVE-2026-50508

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-50508

CVE-2026-50508 describes exposure of sensitive information in Windows NTLM, enabling an unauthorized attacker to perform spoofing over a network. CVSSv3.1 shows network access, low attack complexity, no privileges required, but user interaction required, with Confidentiality impact HIGH. Document...

CVE-2026-50508 Windows NTLM Spoofing Vulnerability

...

CVE-2026-50508 Windows NTLM Spoofing Vulnerability

...

Windows NTLM Spoofing Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...

PT-2026-48124

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-8993

D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF Server Side...

CVE-2026-32631

Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses a...

Seagull BarTender 代码问题漏洞

Seagull BarTender is an enterprise-level labeling, barcode, and RFID design and printing software developed by Seagull Corporation in the United States. Versions of Seagull BarTender 2010, 2016, and 2019 contained code vulnerabilities. These vulnerabilities stemmed from unvalidated and improperly...

Astra Linux – Vulnerability in exim4

Exim NTLM Challenge Out-of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected Exim installations. Authentication is not required to exploit this vulnerability. The specific flaw lies in the handling of NTLM...

PT-2026-34821

Name of the Vulnerable Software and Affected Versions go-ntlmssp versions prior to 0.1.1 Description A malicious NTLM challenge message can cause a slice out of bounds panic, leading to a crash of any Go process utilizing ntlmssp.Negotiator as an HTTP transport. Recommendations Update to version...

CVE-2026-40107 SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering

SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary...

CVE-2026-40107

SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary...

EUVD-2026-18039

AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows...

CVE-2026-25171

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVE-2026-4823

A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to information disclosure. The attack is restricted to local execution. Attacks of this nature are highl...

EUVD-2026-10636

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...