143 matches found
CVE-2026-45310
CVE-2026-45310 describes an SSRF via HTTP redirect bypass in CodeWhale’s fetch_url tool (DeepSeek TUI). Before version 0.8.22, fetch_url validates the initial URL against a restricted-IP blocklist, but the HTTP client follows up to 5 redirects without re-validating the redirect targets, potential...
CVE-2026-45310
CodeWhale is a DeepSeek + MiMo coding agent in the terminal. Prior to 0.8.22, the fetch_url tool validates the initial URL's resolved IP address against a restricted-IP blocklist (isrestrictedip) to prevent SSRF attacks against internal services cloud metadata endpoints, localhost, private networks...
Astra Linux - vulnerability in linux-6.1, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed potential invalid access when the MAC list is empty. The list_first_entry function never returns NULL; if the list is empty, it still returns a pointer to an invalid object, leading to potential invalid memory access whe...
CVE-2026-8827
The CVE concerns TYPO3 extension Address List (tt_address). AddressRepository::getSqlQuery() builds a database query without proper sanitization, enabling SQL injection when untrusted input is used. The issue is not triggered internally by the extension in a default install, but could be exploite...
CVE-2026-8827 SQL Injection in extension "Address List" (tt_address)
The AddressRepository::getSqlQuery method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore poses no direct risk in a default installation. However, custom extensions that call...
TYPO3 Extension Address List SQL injection vulnerability
TYPO3 Extension Address List is an open-source extension for TYPO3, designed for address book and contact management purposes. TYPO3 Extension Address List has a SQL injection vulnerability; this vulnerability stems from the getSqlQuery method not properly cleaning user input, which may lead to S...
TYPO3-EXT-SA-2026-012: SQL Injection in extension "Address List" (tt_address)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-012...
PublicCMS authorization issue vulnerability
PublicCMS is an open-source content management system (CMS) developed in Java by PublicCMS Company in China. Version 5.202506.d of PublicCMS has a vulnerability related to authorization. This vulnerability stems from the execute function in the Trade Address Query Handler component, specifically in...
PT-2026-41522
A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java of the component Trade Address Query Handler. Executing a manipulation of the argume...
SUSE CVE-2026-39820
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...
DEBIAN-CVE-2026-39820
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...
CVE-2026-39820
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...
CLSA-2026-1778129970 python3.11: Fix of 7 CVEs
CVE-2026-0672: reject control characters in http.cookies cookie names, values, and parameters to prevent header injection - CVE-2026-3644: reject control characters in Morsel.update, |= operator, and unpickling paths missed by CVE-2026-0672; add output validation to BaseCookie.js_output -...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ipv6: fixed a race condition between ipv6_get_ifaddr and ipv6_del_addr. Although ipv6_get_ifaddr operates under the RCU lock, it still allows hlist_for_each_entry_rcu to return an item that has already been removed from the list. The memory...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: SCTP: Prevent out-of-bounds write attacks due to TOCTOU operations. For the following path that does not hold the sock lock: sctp_diag_dump - sctp_for_each_endpoint - sctp_ep_dump. Make sure that you do not exceed the bounds of the data...
CVE-2026-7305 Xuxueli xxl-job trigger Endpoint XxlJobServiceImpl.java triggerJob server-side request forgery
A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addressList causes...
CVE-2026-7305
A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addressList causes...
SUSE CVE-2026-33598
A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress or getAddressListByDomain on a packet cache...
CVE-2026-33598
A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress or getAddressListByDomain on a packet cache...