EUVD-2026-29853

mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and...

CVE-2026-2291

dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS...

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the uploadC2CMedia or uploadGroupMedia process. An attacker can cause the application to make unintended outbound requests to attacker-controlled URLs...

SAP BusinessObjects Business Intelligence Platform SSRF (December 2025)

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is affected by a server-side request forgery vulnerability as disclosed in the SAP Security Patch Day December 2025: - SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote...

Account Takeover

debug is vulnerable to Account Takeover. The vulnerability is due to a compromised npm publishing account, which allowed an attacker to publish a malicious patch version 4.4.2 that injects browser-side malware, enabling redirection of cryptocurrency transactions e.g., MetaMask to...