GHSA-7J2F-6H2R-6CQC Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs

Summary Koel validates the podcast feed URL via the SafeUrl rule DNS resolution + public IP check, but the individual episode values extracted from the RSS XML are stored directly into the database without any SSRF validation. When a user plays an episode, the server downloads the full HTTP...

Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs

Summary Koel validates the podcast feed URL via the SafeUrl rule DNS resolution + public IP check, but the individual episode values extracted from the RSS XML are stored directly into the database without any SSRF validation. When a user plays an episode, the server downloads the full HTTP...

Server-side Request Forgery (SSRF)

Overview phanan/koel is a personal audio streaming service. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the processing of unvalidated enclosure URLs in podcast episode feeds. An attacker can access sensitive internal resources and exfiltrate data by...

PT-2026-45047

Summary Koel validates the podcast feed URL via the SafeUrl rule DNS resolution + public IP check, but the individual episode values extracted from the RSS XML are stored directly into the database without any SSRF validation. When a user plays an episode, the server downloads the full HTTP...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fixed possible descptr out-of-bounds accesses. Sanitized possible descptr out-of-bounds accesses in sesenclosuredataprocess...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fixed possible out-of-bounds accesses to addldescptr. Sanitized possible out-of-bounds accesses to addldescptr in sesenclosuredataprocess...

Astra Linux - уязвимость в node-glob-parent

This affects the glob-parent package before version 5.1.2. The enclosure regex used to check for strings ending with an enclosure containing a path separator is affected...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Properly handle cases where an enclosure contains only one primary component. This fix reverts to commit 3fe97ff3d949 “scsi: ses: Do not attach if the enclosure has no components”. It also introduces proper handling fo...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013740)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013740 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addldescptr out-of-bounds accesses Sanitize possible addldescptr...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013136)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013136 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addldescptr out-of-bounds accesses Sanitize possible addldescptr...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013215)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013215 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in sesenclosuredataprocess A fix for: BUG: KASAN:...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010999)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010999 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addldescptr out-of-bounds accesses Sanitize possible addldescptr...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006933)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006933 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible descptr out-of-bounds accesses Sanitize possible descptr out-of-bounds...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006688)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006688 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible descptr out-of-bounds accesses Sanitize possible descptr out-of-bounds...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005743)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005743 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Handle enclosure with just a primary component gracefully This reverts commit...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005402)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005402 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Handle enclosure with just a primary component gracefully This reverts commit...

kernel: scsi: ses: Fix possible desc_ptr out-of-bounds accesses

A bounds-checking flaw was found in the Linux kernel Small Computer System Interface Enclosure Services driver in the way descriptor pointers are validated while processing enclosure data. Missing checks could allow an out-of-bounds access during parsing. A local user could use this flaw to crash...

kernel: scsi: ses: Fix possible desc_ptr out-of-bounds accesses

A bounds-checking flaw was found in the Linux kernel Small Computer System Interface Enclosure Services driver in the way descriptor pointers are validated while processing enclosure data. Missing checks could allow an out-of-bounds access during parsing. A local user could use this flaw to crash...

kernel: scsi: ses: Fix possible desc_ptr out-of-bounds accesses

A bounds-checking flaw was found in the Linux kernel Small Computer System Interface Enclosure Services driver in the way descriptor pointers are validated while processing enclosure data. Missing checks could allow an out-of-bounds access during parsing. A local user could use this flaw to crash...

kernel: scsi: ses: Fix possible desc_ptr out-of-bounds accesses

A bounds-checking flaw was found in the Linux kernel Small Computer System Interface Enclosure Services driver in the way descriptor pointers are validated while processing enclosure data. Missing checks could allow an out-of-bounds access during parsing. A local user could use this flaw to crash...