CVE-2026-6979

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

CVE-2026-6979 devlikeapro WAHA API Request media.controller.ts server-side request forgery

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

CVE-2026-6979 devlikeapro WAHA API Request media.controller.ts server-side request forgery

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

CVE-2026-6977

CVE-2026-6977 affects vanna-ai vanna up to 2.0.2, arising from an unknown function in the Legacy Flask API that leads to improper authorization. The vulnerability is exploitable remotely and has been disclosed publicly; exploitation status is indicated as a public disclosure with potential use. T...

CVE-2026-6977 vanna-ai vanna Legacy Flask API improper authorization

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and ma...

EUVD-2026-25653

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and ma...

CVE-2026-6977

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and ma...

CVE-2026-6977 vanna-ai vanna Legacy Flask API improper authorization

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and ma...

CVE-2026-40099

Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...

CVE-2026-41266

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

[SECURITY] Fedora 44 Update: qt6-qtsensors-6.10.3-1.fc44

The Qt Sensors API provides access to sensor hardware via QML and C++ interfaces. The Qt Sensors API also provides a motion gesture recognition API for devices...

[SECURITY] Fedora 44 Update: qt6-qtlocation-6.10.3-1.fc44

The Qt Location API helps you create viable mapping solutions using the data available from some of the popular location services...

[SECURITY] Fedora 44 Update: qt6-qtcoap-6.10.3-1.fc44

Qt CoAP API provides classes and functions to access the CoAP protocol...

[SECURITY] Fedora 44 Update: mupdf-1.27.1-10.fc44

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

WAHA 代码问题漏洞

WAHA is an open-source WhatsApp HTTP API service tool developed by devlikeapro. Versions of WAHA prior to 2026.3.4 contained code vulnerabilities. These vulnerabilities stemmed from unknown features in the component’s API Request Handler, specifically in the file src/api/media.controller.ts, whic...

PT-2026-37185

Name of the Vulnerable Software and Affected Versions LiteLLM versions 1.74.2 through 1.83.6 Description LiteLLM is a proxy server AI Gateway used to call LLM APIs in OpenAI or native format. The endpoints 'POST /mcp-rest/test/connection' and 'POST /mcp-rest/test/tools/list', used to preview an M...

PT-2026-35149

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

PT-2026-35147

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and ma...

ShowDoc 注入漏洞

ShowDoc is a tool developed by star7th, ideal for online document sharing among IT teams. Versions 2.10.10, 3.6.2, and 3.8.0 of ShowDoc contain injection vulnerabilities. These vulnerabilities stem from improper handling of parameters in the...

GHSA-GX2M-MCC2-R4P3 wlc: print_html outputs API data without HTML escaping

Impact The HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting when the output is rendered in a browser. Patches https://github.com/WeblateOrg/wlc/pull/1327 Workarounds The only vulnerable code path is HTML output which is opt-in. Reference...