
4293 matches found

CVE
added 2026/05/01 2:15 p.m., 9 views

CVE-2026-43009

The CVE-2026-43009 family concerns the Linux kernel BPF verifier. Connected sources describe a bug where backtrack_insn did not correctly account for atomic fetch variants (BPF_ATOMIC with BPF_FETCH) during memory-precision tracking, causing the verifier to prune paths incorrectly. The fix extend...

CVSS 7.8 | AI score 5.7 | EPSS 0.00134
Exploits 0 | References 2 | Affected Software 1
EUVD
added 2026/05/01 9:46 a.m., 29 views

EUVD-2026-26491

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

CVSS 7.2 | AI score 5.9 | EPSS 0.00497
Exploits 0 | References 1
Cvelist
added 2026/05/01 9:46 a.m., 59 views

CVE-2026-42404 Apache Neethi: Unrestricted HTTP Redirect Following in Policy References

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

CVSS 6.5 | EPSS 0.00497
Exploits 0 | References 1
Patchstack
added 2026/05/01 9:31 a.m., 2 views

WordPress Go Fetch Jobs (for WP Job Manager) plugin <= 1.8.4.8.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Go Fetch Jobs for WP Job Manager versions <= 1.8.4.8.1...

CVSS 6.1 | AI score 5.8 | EPSS 0.00276
Exploits 0 | References 1 | Affected Software 1
Positive Technologies
added 2026/05/01 12:00 a.m., 3 views

PT-2026-36426

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the Linux kernel eBPF verifier where the backtrack_insn function fails to correctly handle atomic fetch operations. When encountering a BPF_STX instruction with BPF...

CVSS 7.8 | AI score 5.8 | EPSS 0.00134
Exploits 0 | References 98
Positive Technologies
added 2026/05/01 12:00 a.m., 3 views

PT-2026-36313

Name of the Vulnerable Software and Affected Versions: Apache Neethi versions prior to 3.2.2. Description: The PolicyReference API does not impose restrictions on URIs when manually fetching remote policy references. This allows an application that explicitly calls the API to make outbound requests...

CVSS 9.1 | AI score 6 | EPSS 0.00711
Exploits 8 | References 73
CVE
added 2026/04/30 9:48 p.m., 17 views

CVE-2025-14688

CVE-2025-14688 affects IBM Db2 Server on Linux, UNIX, and Windows (V11.5.0–11.5.9; V12.1.0–12.1.3; includes Db2 Connect Server) where an authenticated user can trigger a denial of service due to improper neutralization of special elements in data query logic under specific configuration condition...

CVSS 5.3 | AI score 5.2 | EPSS 0.00221
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2026/04/30 9:48 p.m., 4 views

CVE-2025-14688 IBM® Db2® is vulnerable to a denial of service when fetching from certain tables under specific configurations

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (including Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist...

CVSS 5.3 | AI score 5.8 | EPSS 0.00221
Exploits 0 | References 1
GithubExploit
added 2026/04/30 11:04 a.m., 75 views

Exploit for CVE-2026-3844

CVE-2026-3844 — Breeze Cache RCE Unauthenticated Arbitrary...

CVSS 9.8 | AI score 6.5 | EPSS 0.36512
Exploits 8
NVD
added 2026/04/29 9:16 p.m., 4 views

CVE-2026-7403

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name results in path traversal. The attack may be performed from remote. The exploit has been released to the public a...

CVSS 6.9 | EPSS 0.00563
Exploits 0 | References 5
Cvelist
added 2026/04/29 8:00 p.m., 27 views

CVE-2026-7403 geldata gel-mcp server.py fetch_rule path traversal

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name results in path traversal. The attack may be performed from remote. The exploit has been released to the public a...

CVSS 6.9 | EPSS 0.00563
Exploits 0 | References 5
CVE
added 2026/04/29 8:00 p.m., 8 views

CVE-2026-7403

CVE-2026-7403 affects geldata gel-mcp 0.1.0. The vulnerability is in src/gel_mcp/server.py, function list_rules/fetch_rule, where manipulating the argument rule_name enables path traversal. This could be exploited remotely; the exploit is publicly available. The project was informed of the issue ...

CVSS 6.9 | AI score 5.4 | EPSS 0.00563
Exploits 0 | References 5
CNNVD
added 2026/04/29 12:00 a.m., 4 views

Gel MCP server path traversal vulnerability

The Gel MCP server is an MCP server tool developed by Gel for the Gel open-source database. Version 0.1.0 of the Gel MCP server contains a path traversal vulnerability. This vulnerability stems from improper handling of the parameter rule_name in the list_rules/fetch_rule function located in the file...

CVSS 6.9 | AI score 6 | EPSS 0.00563
Exploits 0 | References 1
Positive Technologies
added 2026/04/29 12:00 a.m., 2 views

PT-2026-36005

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name results in path traversal. The attack may be performed from remote. The exploit has been released to the publ...

CVSS 6.9 | AI score 5.4 | EPSS 0.00563
Exploits 0 | References 5
CVE
added 2026/04/28 6:10 p.m., 9 views

CVE-2026-41914

OpenClaw contains a server-side request forgery in QQ Bot media download paths prior to 2026.4.8. The issue allows unprotected media fetch endpoints to bypass SSRF protection and access internal resources, circumventing allowlists. Affected package: openclaw (QQ Bot extension) with versions

CVSS 8.5 | AI score 5.2 | EPSS 0.00218
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2026/04/28 6:10 p.m., 29 views

CVE-2026-41914 OpenClaw < 2026.4.8 - Server-Side Request Forgery in QQ Bot Media Fetch Paths

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist policies...

CVSS 8.5 | EPSS 0.00218
Exploits 0 | References 3
Vulnrichment
added 2026/04/28 6:10 p.m., 1 view

CVE-2026-41914 OpenClaw < 2026.4.8 - Server-Side Request Forgery in QQ Bot Media Fetch Paths

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist policies...

CVSS 8.5 | AI score 5.2 | EPSS 0.00218
Exploits 0 | References 3
ATTACKERKB
added 2026/04/28 6:10 p.m., 1 view

CVE-2026-41914

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist policies...

CVSS 8.5 | AI score 5.2 | EPSS 0.00218
Exploits 0 | References 4
OSV
added 2026/04/28 6:30 a.m., 1 view

GHSA-R2JQ-4H3X-RFJ6 BigSweetPotatoStudio HyperChat has a Server-Side Request Forgery issue

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

CVSS 7.3 | AI score 6.8 | EPSS 0.00278
Exploits 0 | References 6
Github Security Blog
added 2026/04/28 6:30 a.m., 4 views

BigSweetPotatoStudio HyperChat has a Server-Side Request Forgery issue

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

CVSS 7.5 | AI score 6.8 | EPSS 0.00278
Exploits 0 | References 7 | Affected Software 1