6 matches found
Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads
Impact: The ALLOWED_ASSET_DOMAINS setting applied only to the first issued requests and didn't restrict possible redirects. Patches: https://github.com/WeblateOrg/weblate/pull/18550 References: This issue was reported by @spbavarva via GitHub...
GHSA-CGP8-4M63-FHH5
creationtimestamp | type | source
---|---|---
2025-07-16 11:53:58+00:00 | seen | https://gist.github.com/safer-bot/33eb6239930b41b47aec1e2045875722...
GHSA-4446-656P-F54G
creationtimestamp | type | source
---|---|---
2025-07-16 05:01:52+00:00 | seen | https://gist.github.com/safer-bot/462e0a3d9968559e1a005f457ab6feb0...
GHSA-GW85-4GMF-M7RH
creationtimestamp | type | source
---|---|---
2025-07-16 03:12:23+00:00 | seen | https://gist.github.com/safer-bot/79174d0c201539d79b25fe0f667fa43e
2025-07-16 03:39:54+00:00 | seen | https://gist.github.com/safer-bot/2d5f96fb1f5118b0adf472cee7a0dff8
2025-07-16 09:53:00+00:00 | seen | ...
GO-2025-3733 Navidrome Transcoding Permission Bypass Vulnerability Report in github.com/navidrome/navidrome
GHSA-2Q8V-3GQQ-4F8P
creationtimestamp | type | source
---|---|---
2024-01-19 17:31:38+00:00 | seen | https://t.me/ctinow/170302
2025-03-25 20:45:26+00:00 | seen | https://gist.github.com/FuzzysTodd/a25832bda87aee97912ff5c363392c03...