185 matches found
CVE-2026-55599
phpseclib is a PHP secure communications library. From 0.1.1 until 1.0.30, 2.0.55, and 3.0.54, when an application validates an untrusted X.509 certificate with phpseclib, X509::validateSignature reads a URL out of that certificate's Authority Information Access AIA extension and connects to it...
CVE-2026-44363
MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...
CVE-2026-33386 XSS in QuickCMS
QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...
compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem
A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module. Finding 1 Critical: SSRF CWE-918 The HTTPSFetcher.dofetch method passes a user-supplied URL directly to requests.get without validation. This allows an attacker to...
PT-2026-44731
A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module. Finding 1 Critical: SSRF CWE-918 The HTTPSFetcher. do fetch method passes a user-supplied URL directly to requests.get without validation. This allows an attacker to...
Directory Traversal
Overview compliance-trestle is a Tools to manage & autogenerate python objects representing the OSCAL layers/models Affected versions of this package are vulnerable to Directory Traversal through remote cache fetching. An attacker can write arbitrary files to locations outside the intended cache...
MAL-2026-4503 Malicious code in bytecore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c1ddd2dea35052822d2dc89f0f46ceae20c772c257e0c97f0024483e9ff31c0 The package masquerades as a pino-like logging middleware README is copied from pino, exports a pino property, mimics pino's option shape but the...
CVE-2026-44363
The CVE-2026-44363 issue affects MISP modules (misp-modules), specifically the html_to_markdown and qrcode modules. Root cause: unsafe remote resource fetching and insufficient URL validation, with qrcode also disabling TLS certificate verification. Impact: potential Server-Side Request Forgery (...
CVE-2026-44363
MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...
CVE-2026-0258 PAN-OS: Server-Side Request Forgery (SSRF) in IKEv2 Certificate URL Fetching
A server-side request forgery SSRF vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service DoS condition. Panorama, Cloud NGFW and...
CVE-2026-0258
CVE-2026-0258 describes a server-side request forgery (SSRF) in the IKEv2 components of PAN-OS. An unauthenticated attacker could cause the firewall to issue network requests to unintended destinations or trigger a DoS condition. Affected scope is PAN-OS IKEv2 certificate URL fetching (per CVE re...
CVE-2026-44286 FastGPT: SSRF Vulnerability in Laf Workflow Node via Missing Internal Address Validation
FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery SSRF vulnerability allows attackers or authenticated users with App editing privileges to send arbitrary HTTP requests to internal/private network addresses. The fetchData function i...
go-git 安全漏洞
go-git is an open-source, highly scalable Git implementation written entirely in Go. Versions of go-git prior to 5.18.0 and 6.0.0-alpha.2 contained security vulnerabilities. These vulnerabilities were due to a flaw where, during intelligent HTTP cloning and fetch operations, redirecting could lea...
EUVD-2026-26074
A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...
CVE-2026-7291
Technical details (affected products, versions, root cause, impact, and remediation) are not publicly available in the provided documents; monitor for updates.
CVE-2026-7291 o2oa URL Fetching FileAction.java FileAction server-side request forgery
A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...
PT-2026-35752
A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...
CVE-2026-35207 deepinid plugin in dde-control-center is configured to skip TLS certificate verification when downloading avatar from remote server
dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a plugin in dde-control-center, which provides the deepinid cloud service. Prior to 6.1.80, plugin-deepinid is configured to skip TLS certificate verification when fetching the user's avatar from...
CVE-2026-39843 Plane has a Server-Side Request Forgery (SSRF) in Favicon Fetching
Plane is an an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete which could lead to the same full read Server-Side Request Forgery when a normal html page contains a link tag with an href that redirects to a private IP address ...
CVE-2026-39843
CVE-2026-39843 affects Plane prior to 1.3.0. The favicon fetch path is vulnerable because fetch_and_encode_favicon() uses a redirects-enabled request, allowing Server-Side Request Forgery when a page contains a link tag with an href redirecting to a private IP, supplied by an authenticated attack...