Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write

Summary A path traversal vulnerability in the skill download fetch command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths without validation, enabling directory traversal attacks that can overwrite critical system files or...

CVE-2026-40938

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation...

Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE

Summary The git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack...

K000160934: Multiple Go vulnerabilities

Security Advisory Description CVE-2023-45285 Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This onl...

GHSA-6W67-HWM5-92MQ LMDeploy has Server-Side Request Forgery (SSRF) via Vision-Language Image Loading

Summary A Server-Side Request Forgery SSRF vulnerability exists in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, an...

PT-2026-34180

Name of the Vulnerable Software and Affected Versions Tekton Pipelines versions 1.0.0 through 1.10.x Description The git resolver fails to validate the revision parameter, which is passed directly as a positional argument to the git fetch command. This allows an attacker to inject arbitrary flags...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010973)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010973 advisory. In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom-hw: Fix memory leak in qcomcpufreqhwreadlut If cpudev fails to get opp table in...

Tekton Pipelines 参数注入漏洞

Tekton Pipelines is a cloud-native pipeline developed by Tekton Open Source. In versions 1.0.0 to 1.11.0 of Tekton Pipelines, there is a parameter injection vulnerability. This vulnerability stems from the fact that the revision parameter of the git resolver is passed directly as a positional...

CVE-2026-41302 OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download

OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...

CVE-2026-41302 OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download

OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...

CVE-2026-41302

OpenClaw (npm) before 2026.3.31 is vulnerable to a server-side request forgery (SSRF) in the marketplace plugin download. The issue arises from unguarded fetch() calls, enabling an attacker to make arbitrary network requests from the affected system, potentially reaching internal resources or ext...

CVE-2026-6605 modelscope agentscope Internal Service _common.py _get_bytes_from_web_url server-side request forgery

A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function getbytesfromweburl of the file src/agentscope/utils/common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...

OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes

Summary QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.12 Impact QQBot reply media URLs could be treated as trusted media sources, allowing SSRF fetches whose returned...

EUVD-2026-23452

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the webfetch and websearch tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an...

CVE-2026-40516

Technical details about CVE-2026-40516 are not publicly available in the provided Connected documents; the description exists but without explicit vendor/product/versions in this set. Monitor for updates.

CVE-2026-40516 OpenHarness SSRF via web_fetch and web_search

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the webfetch and websearch tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an...

CVE-2026-40516

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the webfetch and websearch tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an...

CVE-2026-40516 OpenHarness SSRF via web_fetch and web_search

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the webfetch and websearch tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an...

OpenHarness 安全漏洞

OpenHarness is a lightweight development and runtime framework for Data Intelligence Lab@HKU, open-source in nature. OpenHarness has a security vulnerability, which stems from the lack of target address validation in the webFetch and webSearch tools. This vulnerability may lead to server-side...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007466)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007466 advisory. In the Linux kernel, the following vulnerability has been resolved: protect the fetch of -fdfd in dodup2 from mispredictions both callers have verified that fd is n...