CVE-2026-44652

SillyTavern is affected by an SSRF in the optional CORS proxy middleware (corsProxyMiddleware). Before version 1.18.0, it forwards req.params.url directly into fetch(url, ...) without enforcing a destination allowlist or blocking private/loopback targets, enabling an attacker-controlled URL to re...

SUSE CVE-2026-40938

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation...

CVE-2026-3125 SSRF vulnerability in opennextjs-cloudflare via /cdn-cgi/ path normalization bypass

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler.The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In...

GHSA-2G59-M95P-PGFQ Chainlit contain a server-side request forgery (SSRF) vulnerability

Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...