CVE-2026-28467

OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...

CVE-2025-66405

Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch...

CVE-2025-66405 Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host

Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch...

CVE-2025-66405

Portkey.ai Gateway has an SSRF vulnerability prior to v1.14.0 where the destination baseURL is chosen from the x-portkey-custom-host header and the proxy appends the client path to fetch external resources. This can allow an attacker to make requests to arbitrary hosts, potentially leaking data f...

PT-2024-24343 · Mealie · Mealie

Name of the Vulnerable Software and Affected Versions: Mealie versions prior to 1.4.0 Description: The issue concerns the scrape image function, which retrieves an image based on a user-provided URL without validating if the URL points to an external location and lacks enforced rate limiting. The...