CVE-2026-33284 GlobalLeaks has insufficient URL validation in user support API

GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches...

GlobaLeaks: No valid SPF records on demo.globaleaks.org

User originally noticed www.globaleaks.org was without SPF record. This is out of scope, but demo.globaleaks.org lacks it as well. Marked as informative...