Astro code issue vulnerability
Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro prior to 13.1.10 had code vulnerabilities. These vulnerabilities stemmed from the use of the default redirect-following behavior in fetch calls, which could allow Cloudflare Workers to bypass domain whitelist checks...
CVE-2026-25477
AFFiNE, an open-source workspace OS, contains an Open Redirect vulnerability prior to version 0.26.0 at the /redirect-proxy endpoint. The flaw stems from domain validation where an anchor-evasive Regular Expression allows bypass of the whitelist using domains ending with a trusted string. The CVS...
CVE-2026-25477 AFFiNE: Open Redirect via Regex Bypass in redirect-proxy
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to...
CVE-2026-26286
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.16.0, a Server-Side Request Forgery (SSRF) vulnerability in the asset download endpoint allow...
CVE-2026-26286
SillyTavern (local UI for LLMs) has an SSRF in the asset download endpoint prior to v1.16.0. Authenticated users can cause the server to make arbitrary HTTP requests and read full responses, exposing internal services, cloud metadata, and private network resources. The issue is fixed in v1.16.0 b...
CVE-2026-26286 SillyTavern has Server-Side Request Forgery (SSRF) via Asset Download Endpoint that Allows Reading Internal Services
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.16.0, a Server-Side Request Forgery (SSRF) vulnerability in the asset download endpoint allow...
PT-2026-20938
Name of the Vulnerable Software and Affected Versions: SillyTavern versions prior to 1.16.0. Description: SillyTavern is a locally installed user interface for interacting with large language models, image generation engines, and text-to-speech voice models. A Server-Side Request Forgery (SSRF) exists...
EUVD-2013-2773
Malware in sbrugna...
EUVD-2014-1152
Malware in sbrugna...
EUVD-2022-37321
Malicious code in bioql PyPI...
EUVD-2022-5377
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-21274
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In...
CVE-2014-10381
The user-domain-whitelist plugin before 1.5 for WordPress has CSRF...
CVE-2013-2834
Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835...
GHSA-MP92-3JFM-3575 Synapse vulnerable to leak of remote user device information
Impact: Cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. Patches: System administrators are encouraged to upgrade to Synapse 1.95.1 as soon as possible. Workarounds: The federation_domain_whitelist can be used ...
CVE-2023-43796
Synapse is an open-source Matrix homeserver. Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or...
PT-2023-28988 · Synapse
Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.95.1 and 1.96.0rc1 Description: Synapse is an open-source Matrix homeserver. Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to...
PT-2023-13719 · Synapse
Name of the Vulnerable Software and Affected Versions: Synapse versions up to and including 1.68.0 Description: The Matrix Federation API in Synapse allows remote homeservers to request authorization events in a room, which is necessary for validating the legitimacy and permission of events...
PT-2023-13722 · Synapse
Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.68.0 Description: The issue occurs when Synapse and a malicious homeserver are both joined to the same room. The malicious homeserver can trick Synapse into accepting previously rejected events into its view of the...