CVE-2026-53927

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-fetch endpoint axiosRequestMake accepted URLs whose path contained a permitted extension anywhere in the string, and applied a hand-rolled regex blocklist that omitted 127.0.0.0/8 and 169.254.0.0/16,...

CVE-2026-56266

Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reac...

CVE-2026-56266 Crawl4AI - Server-Side Request Forgery via Direct Crawl Endpoints

Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reac...

EUVD-2026-36539

parse-server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist...

CVE-2026-53872

picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to externa...

CVE-2026-3490

picklescan before 1.0.4 fails to block pkgutil.resolvename, allowing attackers to bypass the entire blocklist by resolving any dangerous function through indirect REDUCE calls. Remote attackers can invoke any blocked function such as os.system, builtins.exec, or subprocess.call to achieve remote...

CVE-2026-53873 picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass

picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run function, allowing attackers to achieve arbitrary code execution via exec. Attackers can craft malicious pickle files calling profile.runstatement to execute arbitrary...

EUVD-2026-37739

picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run function, allowing attackers to achieve arbitrary code execution via exec. Attackers can craft malicious pickle files calling profile.runstatement to execute arbitrary...

EUVD-2026-37738

picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to externa...

CVE-2026-53872

The CVE-2026-53872 entry covers picklescan (pre-0.0.35) with an unsafe pickle deserialization flaw that allows unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. This leads to potential exposure of sensitive data (e.g., /etc/passwd) despite ...

CVE-2026-53873

The CVE-2026-53873 vulnerability affects picklescan prior to 1.0.4, where an incomplete blocklist for the profile module fails to block module-level profile.run(), enabling arbitrary code execution via exec() through crafted pickle files. Attackers can craft malicious pickles calling profile.run(...

CVE-2026-53872 picklescan - Arbitrary File Read via Unsafe Pickle Deserialization

picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to externa...

CVE-2026-3490

CVE-2026-3490 affects picklescan prior to version 1.0.4, where the blocklist of dangerous functions is bypassed via pkgutil.resolve_name. The underlying issue is an incomplete blocklist that allows indirect REDUCE calls to resolve dangerous functions, enabling remote code execution (e.g., os.syst...

CVE-2026-3490 picklescan - Universal Blocklist Bypass via pkgutil.resolve_name

picklescan before 1.0.4 fails to block pkgutil.resolvename, allowing attackers to bypass the entire blocklist by resolving any dangerous function through indirect REDUCE calls. Remote attackers can invoke any blocked function such as os.system, builtins.exec, or subprocess.call to achieve remote...

EUVD-2026-37737

picklescan before 1.0.4 fails to block pkgutil.resolvename, allowing attackers to bypass the entire blocklist by resolving any dangerous function through indirect REDUCE calls. Remote attackers can invoke any blocked function such as os.system, builtins.exec, or subprocess.call to achieve remote...

CVE-2025-71321

CVE-2025-71321 concerns the Python toolset picker scan showing an arbitrary file writing vulnerability in the package before version 0.0.33. The root cause is bypassing the dangerous blocklist by abusing distutils.file_util.write_file, enabling attackers to craft malicious pickle objects that ove...

EUVD-2025-210268

picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.fileutil.writefile. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code...

CVE-2025-71321 picklescan - Arbitrary File Writing via distutils Module Bypass

picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.fileutil.writefile. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code...

CVE-2026-48782

CVE-2026-48782 affects Pydantic AI (versions 1.56.0–1.101.0, 2.0.0b1, 2.0.0b2) where the cloud-metadata blocklist can be bypassed by IPv6 transition forms that previous fixes did not decode. The IPv6 forms bypassing the blocklist can expose cloud IAM short-term credentials when an app uses force_...

Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)

Summary The Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata endpoints e.g. 169.254.169.254 despite...