CVE-2026-3844 Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

SUSE CVE-2026-40938

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation...

PT-2026-34629

Name of the Vulnerable Software and Affected Versions Breeze Cache versions prior to 2.4.5 Description An arbitrary file upload issue exists in the Breeze Cache plugin for WordPress, affecting approximately 400,000 active installations. The flaw is located in the fetch gravatar from remote...

VulnCheck KEV: CVE-2026-3844

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

GHSA-R466-RXW4-3J9J Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write

Summary A path traversal vulnerability in the skill download fetch command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths without validation, enabling directory traversal attacks that can overwrite critical system files or...

Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write

Summary A path traversal vulnerability in the skill download fetch command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths without validation, enabling directory traversal attacks that can overwrite critical system files or...

CVE-2026-40938

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation...

Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE

Summary The git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack...

K000160934: Multiple Go vulnerabilities

Security Advisory Description CVE-2023-45285 Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This onl...

GHSA-6W67-HWM5-92MQ LMDeploy has Server-Side Request Forgery (SSRF) via Vision-Language Image Loading

Summary A Server-Side Request Forgery SSRF vulnerability exists in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, an...

Tekton Pipelines 参数注入漏洞

Tekton Pipelines is a cloud-native pipeline developed by Tekton Open Source. In versions 1.0.0 to 1.11.0 of Tekton Pipelines, there is a parameter injection vulnerability. This vulnerability stems from the fact that the revision parameter of the git resolver is passed directly as a positional...

PT-2026-34180

Name of the Vulnerable Software and Affected Versions Tekton Pipelines versions 1.0.0 through 1.10.x Description The git resolver fails to validate the revision parameter, which is passed directly as a positional argument to the git fetch command. This allows an attacker to inject arbitrary flags...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010973)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010973 advisory. In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom-hw: Fix memory leak in qcomcpufreqhwreadlut If cpudev fails to get opp table in...

CVE-2026-41302

OpenClaw (npm) before 2026.3.31 is vulnerable to a server-side request forgery (SSRF) in the marketplace plugin download. The issue arises from unguarded fetch() calls, enabling an attacker to make arbitrary network requests from the affected system, potentially reaching internal resources or ext...

CVE-2026-41302 OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download

OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...

CVE-2026-41302 OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download

OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...

CVE-2026-6605 modelscope agentscope Internal Service _common.py _get_bytes_from_web_url server-side request forgery

A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function getbytesfromweburl of the file src/agentscope/utils/common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...

OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes

Summary QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.12 Impact QQBot reply media URLs could be treated as trusted media sources, allowing SSRF fetches whose returned...

EUVD-2026-23452

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the webfetch and websearch tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an...

CVE-2026-40516 OpenHarness SSRF via web_fetch and web_search

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the webfetch and websearch tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an...