4242 matches found

Github Security Blog
added 2025/10/17 5:46 p.m., 10 views

Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module

Vulnerability Description --- Vulnerability Overview - When the client sends an arbitrary URL array and impl: "naive" to the tRPC endpoint tools.search.crawlPages, the server issues outbound HTTP requests directly to those URLs. There is no defensive logic that restricts or validates requests to...

CVSS 3, AI score 7, EPSS 0.00026
Exploits 0, References 5, Affected Software 1
OSV
added 2025/10/17 5:46 p.m., 7 views

GHSA-FGX4-P8XF-QHP9 Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module

Vulnerability Description --- Vulnerability Overview - When the client sends an arbitrary URL array and impl: "naive" to the tRPC endpoint tools.search.crawlPages, the server issues outbound HTTP requests directly to those URLs. There is no defensive logic that restricts or validates requests to...

CVSS 3, AI score 7, EPSS 0.00026
Exploits 0, References 5
OSSF Malicious Packages
added 2025/10/16 9:20 a.m., 3 views

Malicious code in musl-dev (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 921a96dbb105de30a891a3770c85b1a240ad3625bb52b4e6276340c641b4a46f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 7.3
Exploits 0, References 1
OSV
added 2025/10/16 9:20 a.m., 1 view

MAL-2025-191650 Malicious code in musl-dev (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 921a96dbb105de30a891a3770c85b1a240ad3625bb52b4e6276340c641b4a46f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 7.2
Exploits 0, References 1
CNNVD
added 2025/10/16 12:00 a.m., 1 view

Dev jobs handlebars security vulnerability

Dev jobs handlebars is a job search program by Felix Individual Developers. A security vulnerability exists in Dev jobs handlebars version 1.0 that stems from the use of an untrusted req.headers.host header to generate an absolute password reset link and force the use of an http scheme, which cou...

CVSS 8.2, AI score 6.8, EPSS 0.00066
Exploits 0, References 2
Veracode
added 2025/10/15 7:59 a.m., 3 views

Improper Access Control

vite is vulnerable to improper access control. The vulnerability is due to files starting with the same name as those in the public directory being served while bypassing the server.fs settings, which allows an attacker to access restricted files when the Vite dev server is exposed to the network...

CVSS 5.3, AI score 7, EPSS 0.01434
Exploits 1, References 6, Affected Software 2
EUVD
added 2025/10/08 6:50 a.m., 2 views

EUVD-2025-31840

Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information...

CVSS 4.7, AI score 6.6, EPSS 0.0003
Exploits 0, References 5
EUVD
added 2025/10/08 5:02 a.m., 2 views

EUVD-2025-31843

A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing manipulation of the argument ID results in cross site scripting. It is...

CVSS 5.1, AI score 3.6, EPSS 0.00029
Exploits 1, References 7
Tenable Nessus
added 2025/10/08 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-53515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - virtio-mmio: don't break lifecycle of vmdev vmdev has a separate lifecycle because it has a 'struct device' embedded. Thus, having a release callback for it is...

CVSS 7.8, AI score 6.1, EPSS 0.00018
Exploits 0, References 3
Tenable Nessus
added 2025/10/08 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-53670

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix dev_pm_qos memleak Call dev_pm_qos_hide_latency_tolerance in the error unwind patch ...

CVSS 5.5, AI score 6.2, EPSS 0.00022
Exploits 0, References 3
Tenable Nessus
added 2025/10/08 12:00 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2023-53568

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: don't leak memory if dev_set_name fails When dev_set_name fails, zcdn_create doesn't...

CVSS 5.5, AI score 5.8, EPSS 0.00017
Exploits 0, References 3
OSV
added 2025/10/07 4:15 p.m., 3 views

AZL-76404 CVE-2023-53627 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list When freeing slots in function slot_complete_v3_hw, it is possible that sas_dev.list is being traversed elsewhere, and it may trigger a NULL pointer exception...

CVSS 5.5, AI score 5.6, EPSS 0.0002
Exploits 0, References 1
OSV
added 2025/10/07 4:15 p.m., 0 views

UBUNTU-CVE-2023-53670

In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix dev_pm_qos memleak Call dev_pm_qos_hide_latency_tolerance in the error unwind patch to avoid following kmemleak:- blktests master kmemleak-clear; ./check nvme/044; blktests master kmemleak-scan ; kmemleak-show nvme/044 Te...

CVSS 5.5, AI score 5.7, EPSS 0.00022
Exploits 0, References 7
OSV
added 2025/10/07 4:15 p.m., 1 view

UBUNTU-CVE-2023-53627

In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list When freeing slots in function slot_complete_v3_hw, it is possible that sas_dev.list is being traversed elsewhere, and it may trigger a NULL pointer exception...

CVSS 5.5, AI score 5.7, EPSS 0.0002
Exploits 0, References 5
OSV
added 2025/10/07 3:21 p.m., 2 views

CVE-2023-53670 nvme-core: fix dev_pm_qos memleak

In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix dev_pm_qos memleak Call dev_pm_qos_hide_latency_tolerance in the error unwind patch to avoid following kmemleak:- blktests master kmemleak-clear; ./check nvme/044; blktests master kmemleak-scan ; kmemleak-show nvme/044 Te...

CVSS 5.5, AI score 6.2, EPSS 0.00022
Exploits 0, References 7
Cvelist
added 2025/10/07 3:21 p.m., 5 views

CVE-2023-53670 nvme-core: fix dev_pm_qos memleak

In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix dev_pm_qos memleak Call dev_pm_qos_hide_latency_tolerance in the error unwind patch to avoid following kmemleak:- blktests master kmemleak-clear; ./check nvme/044; blktests master kmemleak-scan ; kmemleak-show nvme/044 Te...

EPSS 0.00022
Exploits 0, References 4
Debian CVE
added 2025/10/07 3:21 p.m., 3 views

CVE-2023-53664

In the Linux kernel, the following vulnerability has been resolved: OPP: Fix potential null ptr dereference in dev_pm_opp_get_required_pstate "opp" pointer is dereferenced before the IS_ERR_OR_NULL check. Fix it by removing the dereference to cache opp_table and dereference it directly where opp_table is...

CVSS 5.5, AI score 5.6, EPSS 0.0002
Exploits 0
EUVD
added 2025/10/07 3:19 p.m., 4 views

EUVD-2025-32757

In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: reduce WARN to dev_dbg in callback The warn is triggered on a known race condition, documented in the code above the test, that is correctly handled. Using WARN hinders automated testing. Reducing severity...

AI score 6.1, EPSS 0.00016
Exploits 0, References 10
Cvelist
added 2025/10/07 3:19 p.m., 5 views

CVE-2023-53627 scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list

In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list When freeing slots in function slot_complete_v3_hw, it is possible that sas_dev.list is being traversed elsewhere, and it may trigger a NULL pointer exception...

EPSS 0.0002
Exploits 0, References 2
CVE
added 2025/10/07 3:19 p.m., 8 views

CVE-2023-53627

CVE-2023-53627 affects the Linux kernel SCSI HISI SAS path. Root cause: concurrency on sas_dev.list during slot completion/deregistration can trigger a NULL pointer dereference. The fix is to grab the sas_dev lock when traversing sas_dev.list in dereg_device_v3_hw() and in hisi_sas_release_tasks(...

CVSS 5.5, AI score 6, EPSS 0.0002
Exploits 0, References 2, Affected Software 1