185 matches found
CVE-2026-8768
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...
Malicious code in @cloudplatform-single-spa/vcenter-virtual-machines (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
Malicious code in @cloudplatform-single-spa/dataplatform-metastore (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
Malicious code in @mlspace/inference-build (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
MAL-2026-4895 Malicious code in @cloudplatform-single-spa/clickhouse (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
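As an added example (not code from npm or from any of the affected projects), the following JavaScript audits a package-lock.json for the two signs of this campaign: a package in a scope that should only come from a private registry but was resolved from registry.npmjs.org, and an implausibly high version such as 99.99.99. The scope list, the private registry URL https://npm.corp.example/ and the sample lockfile are assumptions constructed for the demo; the audit reads the lockfile v2/v3 "packages" map only.

```javascript
// Added example: lockfile audit for dependency-confusion signs.
// Not code from npm or the affected packages. PRIVATE_SCOPES, PRIVATE_REGISTRY
// and SAMPLE_LOCK are constructed for the demo.

const PRIVATE_SCOPES = ["@cloudplatform-single-spa", "@mlspace"];
const PRIVATE_REGISTRY = "https://npm.corp.example/"; // assumed private registry

// "node_modules/@scope/name" or nested "node_modules/a/node_modules/@scope/name"
function packageNameFromPath(lockPath) {
  const idx = lockPath.lastIndexOf("node_modules/");
  return idx === -1 ? null : lockPath.slice(idx + "node_modules/".length);
}

function scopeOf(name) {
  return name.startsWith("@") ? name.split("/")[0] : null;
}

// Returns one finding per private-scope package that was resolved from a
// registry other than the private one, or carries an implausible version.
function auditLockfile(lock, opts = {}) {
  const privateScopes = opts.privateScopes ?? PRIVATE_SCOPES;
  const privateRegistry = opts.privateRegistry ?? PRIVATE_REGISTRY;
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages ?? {})) {
    if (lockPath === "") continue; // the root project itself
    const name = packageNameFromPath(lockPath);
    if (!name || !privateScopes.includes(scopeOf(name))) continue;
    const resolved = entry.resolved ?? "";
    const reasons = [];
    if (!resolved.startsWith(privateRegistry)) {
      reasons.push(`resolved from ${resolved || "(unknown)"} instead of ${privateRegistry}`);
    }
    // Heuristic for this campaign's inflated 99.99.99 version; tune per org.
    const major = parseInt((entry.version ?? "0").split(".")[0], 10);
    if (major >= 99) reasons.push(`implausible version ${entry.version}`);
    if (reasons.length) findings.push({ name, version: entry.version, reasons });
  }
  return findings;
}

// .npmrc lines that bind each private scope to the private registry, so the
// public registry is never consulted for those scopes whatever version it holds.
function npmrcScopeBindings(privateScopes = PRIVATE_SCOPES, privateRegistry = PRIVATE_REGISTRY) {
  return privateScopes.map((s) => `${s}:registry=${privateRegistry}`).join("\n");
}

// Constructed lockfile: one hijacked private-scope package, one legitimate one,
// one ordinary public package.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@mlspace/inference-build": {
      version: "99.99.99",
      resolved: "https://registry.npmjs.org/@mlspace/inference-build/-/inference-build-99.99.99.tgz",
    },
    "node_modules/@cloudplatform-single-spa/clickhouse": {
      version: "2.4.1",
      resolved: "https://npm.corp.example/@cloudplatform-single-spa/clickhouse/-/clickhouse-2.4.1.tgz",
    },
    "node_modules/lodash": {
      version: "4.17.21",
      resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
    },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.name}@${f.version}: ${f.reasons.join("; ")}`);
}
console.log(npmrcScopeBindings());
```

Run it against a real lockfile by replacing SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json"))`; the scope bindings belong in the repository's .npmrc so CI installs use them too.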
EUVD-2026-31985
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, an SSRF exists via workflowtemplate import: authenticated users can supply arbitrary URLs in workflowtemplate.downloadUrl, which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed in...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to the order of operations in the validateDownloadUrl implementation in download-blob.ts and download.ts. The fetch call is made before validateDownloadUrl is applied and follows redirects by default...
EUVD-2026-30713
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...
CVE-2026-8768 vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...
Vercel AI SDK code issue vulnerability
Vercel AI SDK is a JavaScript SDK developed by Vercel that supports the integration of large language models, streaming responses, and AI application development. Versions of Vercel AI 3.0.97 and earlier contain code vulnerabilities. These vulnerabilities stem from the validateDownloadUrl functio...
PT-2026-41587
Name of the Vulnerable Software and Affected Versions vercel ai versions prior to 3.0.98 Description A server-side request forgery SSRF issue exists in the provider-utils component. The flaw is located in the validateDownloadUrl function within the packages/provider-utils/src/download-blob.ts fil...
CVE-2026-6983
A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...
Server-side Request Forgery (SSRF)
Overview pagekit/pagekit is a modular and lightweight CMS built with Symfony components and Vue.js. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the url argument in the /index.php/admin/system/update/download process. An attacker can access internal...
CVE-2026-41062
Summary: WWBN AVideo
CVE-2026-6220
HummerRisk up to 1.5.0 is affected in ServerService.addServer (ServerService.java, Video File Download URL Handler). Manipulating the argument streamIp enables server-side request forgery; remote exploitation is possible and a public exploit exists. Vendor was contacted but did not respond. No re...
HummerCloud HummerRisk code issue vulnerability
HummerCloud HummerRisk is an open-source cloud-native security platform developed by HummerCloud Technology in China. It addresses security and governance issues in cloud-native environments in a non-invasive manner. Its core capabilities include security governance for hybrid clouds and...
CVE-2026-39370
WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then...
Server-side Request Forgery (SSRF)
Overview wwbn/avideo is an Audio and Video Platform, or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the downloadURL parameter processing in objects/aVideoEncoder.json.php. An attacker can access internal resources and exfiltrat...
WWBN AVideo: allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (incomplete fix for CVE-2026-27732)
The fix for CVE-2026-27732 is incomplete. objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then fetches the response and stores it ...
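Two of the SSRF entries in this listing describe distinct failure modes of a download-URL guard: the Vercel AI SDK entry, where fetch runs before validateDownloadUrl and follows redirects, and the AVideo entry, where an allowlist of media extensions is accepted as SSRF validation. The added JavaScript example below shows both beside a hardened form. It is not code from either project: the validator, the private-address check, the fake network table, the hostnames and every function name are constructed for the demonstration, and the fetch stand-in is synchronous so the example runs offline.

```javascript
// Added example for the two SSRF patterns in this listing; not code from the
// Vercel AI SDK or from WWBN AVideo. Hosts, the fake network and helper names
// are constructed for the demo.

// Hypothetical private-destination check on a literal host. A production
// validator must also resolve DNS names and test every returned address.
function isPrivateAddress(host) {
  const h = host.replace(/^\[|\]$/g, "").toLowerCase(); // URL wraps IPv6 in [..]
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  const v4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(h);
  if (v4) {
    const a = Number(v4[1]), b = Number(v4[2]);
    return a === 0 || a === 10 || a === 127 ||
      (a === 169 && b === 254) ||            // link-local, cloud metadata
      (a === 172 && b >= 16 && b <= 31) ||
      (a === 192 && b === 168) ||
      (a === 100 && b >= 64 && b <= 127);    // CGNAT
  }
  if (h.includes(":")) {                     // IPv6 literal
    return h === "::1" || h === "::" || h.startsWith("fe80:") ||
      h.startsWith("fc") || h.startsWith("fd") || h.startsWith("::ffff:");
  }
  return false;                              // DNS name: resolve, then re-check
}

// Hypothetical validator in the spirit of a validateDownloadUrl: http(s) only,
// never a private destination. Returns the parsed URL or throws.
function validateDownloadUrl(urlString) {
  const url = new URL(urlString);
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error(`unsupported scheme ${url.protocol}`);
  }
  if (isPrivateAddress(url.hostname)) {
    throw new Error(`refusing private destination ${url.hostname}`);
  }
  return url;
}

// Constructed offline stand-in for fetch(): a public-looking CDN URL that
// 302-redirects to the cloud metadata address. Synchronous so the demo runs
// without a network; the ordering argument is identical with async fetch.
const FAKE_NET = {
  "https://cdn.example.test/clip.mp4":
    { status: 302, location: "http://169.254.169.254/latest/meta-data/" },
  "https://cdn.example.test/ok.mp4": { status: 200, body: "ftyp..." },
  "http://169.254.169.254/latest/meta-data/":
    { status: 200, body: "ami-id\ninstance-id\niam/" },
};
function fakeFetch(urlString, { redirect = "follow" } = {}) {
  let current = urlString;
  for (let hops = 0; hops < 5; hops++) {
    const r = FAKE_NET[current] ?? { status: 404, body: "" };
    if (r.status === 302 && redirect === "follow") {
      current = new URL(r.location, current).href;
      continue;
    }
    return { status: r.status, url: current, location: r.location ?? null, body: r.body ?? "" };
  }
  throw new Error("too many redirects");
}

// Pattern 1 (ordering): the request, redirects included, goes out before the
// URL is validated, and only the URL the caller supplied is ever checked.
function downloadVulnerable(urlString, fetchImpl = fakeFetch) {
  const response = fetchImpl(urlString);
  validateDownloadUrl(urlString);
  return response;
}

// Hardened: validate first, disable automatic redirects, and validate the
// Location of every hop before following it.
function downloadHardened(urlString, fetchImpl = fakeFetch, maxRedirects = 5) {
  let current = validateDownloadUrl(urlString).href;
  for (let hop = 0; hop <= maxRedirects; hop++) {
    const response = fetchImpl(current, { redirect: "manual" });
    if (response.status >= 300 && response.status < 400) {
      if (!response.location) throw new Error("redirect without Location");
      current = validateDownloadUrl(new URL(response.location, current).href).href;
      continue;
    }
    return response;
  }
  throw new Error("too many redirects");
}

// Pattern 2 (allowlisting by extension): the suffix says nothing about the
// host; an internal path can end in .mp4 just as well as a public one.
const MEDIA_EXT = /\.(mp4|mp3|zip|jpg|png|gif|webm)$/i;
function allowedByExtensionOnly(urlString) {
  return MEDIA_EXT.test(new URL(urlString).pathname);
}
function allowedByDestination(urlString) {
  try { validateDownloadUrl(urlString); } catch { return false; }
  return MEDIA_EXT.test(new URL(urlString).pathname);
}

console.log(downloadVulnerable("https://cdn.example.test/clip.mp4").url); // metadata address
console.log(allowedByExtensionOnly("http://169.254.169.254/latest/meta-data/iam/creds.mp4")); // true
console.log(allowedByDestination("http://169.254.169.254/latest/meta-data/iam/creds.mp4"));  // false
```

The vulnerable download returns the metadata response even though validation "passes", because the check runs after the request and looks at the original URL rather than the redirect target; the hardened version rejects the hop. The extension check alone admits the same internal address, which is why the host, not the suffix, has to be the thing validated.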