4 matches found
CVE-2026-34170 Coolify: Server-Side Request Forgery via attacker-controlled GitHub App API URL
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp apiurl field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a...
GHSA-F397-5VJW-V2C2 OpenClaw: Shell inline-command parsing could miss an allowlist check
Summary Shell inline-command parsing could miss an allowlist check. In affected versions, a command request using shell inline-command forms could route an inline command through a parser case that did not receive the expected allowlist decision. This advisory is scoped to the named feature and...
CVE-2026-41635
Summary: CVE-2026-41635 affects Apache MINA’s AbstractIoBuffer.resolveClass(), where one code path for static/primitive types neglects the class check and bypasses the classname allowlist, enabling arbitrary code execution through object deserialization. Impact and scope: Affects MINA versions 2....
GLPI 代码问题漏洞
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...