478 matches found
CVE-2026-57304
A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password...
CVE-2026-57304
CVE-2026-57304 affects the Jenkins Assembla Plugin (versions ⤠1.4). The root cause is a missing permission check, allowing attackers who have Overall/Read permission to instruct the plugin to connect to an attacker-specified URL using attacker-specified credentials. The description in connected ...
CVE-2026-7165 Multiple vulnerabilities in the Assassin game by Gaudire
The vulnerability is present in the ā/addJugadorā endpoint: The 'keyJugador' and 'keyJugadorObjectiu' parameters allow the modification of other usersā information without requiring prior authorization validation. This could enable an authenticated attacker to alter any userās ID and change their...
GHSA-226F-F24G-524W Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url` (incomplete-fix sibling of CVE-2026-45401)
Summary backend/openwebui/utils/oauth.py::processpictureurl v0.9.5, lines 1435-1470 calls validateurlpictureurl on the initial URL only, then invokes aiohttp.ClientSession.getpictureurl, ... without allowredirects=False. aiohttp's default is allowredirects=True, maxredirects=10; the function does...
PT-2026-50480
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An issue exists where the process picture url function in backend/open webui/utils/oauth.py performs URL validation only on the initial URL. Subsequently, it uses aiohttp.ClientSession.get without...
Astra Linux ā Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fixed an issue where invalid address access occurred when enabling the SCAN log level. The variable i is changed when setting a random MAC address, causing invalid address access when printing the value of...
Astra Linux ā Vulnerability in Nasm
There is an illegal address access in asm/preproc.c function: ismmacro within Netwide Assembler NASM 2.14rc16. This issue may lead to a denial of service due to out-of-bounds array access, as a certain conversion can result in a negative integer...
CVE-2026-45401 Open WebUI: SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validateurl function in backend/openwebui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream sync requests, async...
CVE-2026-45191 Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass
Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value. See also CVE-2026-45190...
CVE-2026-45191
Net::CIDR::Lite (Perl) is affected in versions before 0.24. The flaw is in CIDR mask handling: extraneous zero characters in masks are not properly validated, causing /00 and /01 (and other zero-padded forms) to pass validation and be parsed to the same prefix as the unpadded value, potentially a...
CVE-2026-42339
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 CVE-2025-59146 and hardened in v0.9.6 CVE-2025-62155 does not block the unspecified address 0.0.0.0. A regular...
CVE-2026-40280
Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression ^https?:// to match URL schemes. Because Go's net/url.Parse normalizes...
Twenty 代ē é®é¢ę¼ę“
Twenty is an open-source CRM platform developed by Twenty. Versions of Twenty 1.18.0 and earlier have code vulnerabilities. These vulnerabilities stem from a flaw in the SSRF protection mechanism, which can be bypassed by IPv6 addresses mapped via IPv4. The Node.js URL parser standardizes IPv6...
CVE-2026-41361
OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013522)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013522 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Fix UAF during logout when accessing the shost ipaddress Bug report and analysis...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013675)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013675 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed...
GHSA-9HRV-GVRV-6GF2 Flowise Execute Flow function has an SSRF vulnerability
Summary The attacker provides an intranet address through the base url field configured in the Execute Flow node ā Bypass checkDenyList / resolveAndValidate in httpSecurity.ts not called ā Causes the server to initiate an HTTP request to any internal network address, read cloud metadata, or detec...
DEBIAN-CVE-2026-5713
The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...
CVE-2026-5713
The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...
CVE-2026-34225 Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided U...