21827 matches found

Github Security Blog
added 2026/04/03 3:30 p.m. | 4 views

Casdoor vulnerable to SSRF via crafted Webhook URL

A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not...

CVSS: 7.2 | AI score: 5.6 | EPSS: 0.00044
Exploits: 0 | References: 5 | Affected Software: 1
EUVD
added 2026/04/03 3:30 p.m. | 2 views

EUVD-2026-18641

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler Commit 31a7a0bbeb00 "dpaa2-switch: add bounds check for if_id in IRQ handler" introduces a range check for if_id to avoid an out-of-bounds access. If an...

AI score: 5.8 | EPSS: 0.00015
Exploits: 0 | References: 7
NVD
added 2026/04/03 3:16 p.m. | 1 views

CVE-2026-5469

A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not...

CVSS: 7.2 | EPSS: 0.00044
Exploits: 0 | References: 3
CVE
added 2026/04/03 3:15 p.m. | 6 views

CVE-2026-23469

CVE-2026-23469 concerns the Linux kernel’s drm/imagination driver, where a race between the Runtime PM suspend callback and the IRQ handler could let the IRQ thread access GPU registers while the GPU is suspended. The description in multiple sources states that synchronize_irq() should be awaited...

CVSS: 4.7 | AI score: 5.8 | EPSS: 0.00013
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2026/04/03 3:15 p.m. | 7 views

CVE-2026-23435

The CVE-2026-23435 entries describe a Linux kernel PMU/X86 perf vulnerability that was resolved. The root cause was a commit that moved cpuc->events[idx] assignment out of x86_pmu_start() into step 2 of x86_pmu_enable(), after PERF_HES_ARCH checks. This could allow a path that calls pmu->st...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00015
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2026/04/03 2:30 p.m. | 9 views

CVE-2026-5469

CVE-2026-5469 affects Casdoor v2.356.0, specifically the Webhook URL Handler component. A manipulation can lead to server-side request forgery (SSRF) that can be launched remotely. The vulnerability details indicate unknown code involvement within the Webhook URL Handler and do not provide a publ...

CVSS: 7.2 | AI score: 5.6 | EPSS: 0.00044
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2026/04/03 2:30 p.m. | 14 views

CVE-2026-5469 Casdoor Webhook URL server-side request forgery

A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not...

CVSS: 5.8 | EPSS: 0.00044
Exploits: 0 | References: 3
ATTACKERKB
added 2026/04/03 2:30 p.m. | 0 views

CVE-2026-5469

A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not...

CVSS: 5.8 | AI score: 5.6 | EPSS: 0.00044
Exploits: 0 | References: 4
UbuntuCve
added 2026/04/03 2:16 p.m. | 1 views

CVE-2026-23422

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler Commit 31a7a0bbeb00 "dpaa2-switch: add bounds check for if_id in IRQ handler" introduces a range check for if_id to avoid an out-of-bounds access. If an...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00015
Exploits: 0 | References: 8
Cvelist
added 2026/04/03 1:24 p.m. | 14 views

CVE-2026-23422 dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler Commit 31a7a0bbeb00 "dpaa2-switch: add bounds check for if_id in IRQ handler" introduces a range check for if_id to avoid an out-of-bounds access. If an...

EPSS: 0.00015
Exploits: 0 | References: 7
ATTACKERKB
added 2026/04/03 1:24 p.m. | 0 views

CVE-2026-23422

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler Commit 31a7a0bbeb00 "dpaa2-switch: add bounds check for if_id in IRQ handler" introduces a range check for if_id to avoid an out-of-bounds access. If an...

AI score: 5.8 | EPSS: 0.00015
Exploits: 0 | References: 8 | Affected Software: 1
CVE
added 2026/04/03 1:24 p.m. | 7 views

CVE-2026-23422

CVE-2026-23422 concerns the Linux kernel’s dpaa2-switch component. An out-of-bounds if_id detected in the IRQ handler could leave the interrupt status uncleared, potentially causing an interrupt storm and a DoS-like condition. The technical details in connected documents show the root cause as mi...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00015
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2026/04/03 12:31 p.m. | 0 views

GHSA-MJ24-PQX2-6788 Casdoor vulnerable to Open Redirect

A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect_uri leads to open redirect. It is possible to launch the attack remotely. The exploit is publicly...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00008
Exploits: 0 | References: 5
NVD
added 2026/04/03 12:16 p.m. | 0 views

CVE-2026-5467

A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect_uri leads to open redirect. It is possible to launch the attack remotely. The exploit is publicly...

CVSS: 6.1 | EPSS: 0.00008
Exploits: 0 | References: 3
RedhatCVE
added 2026/04/03 10:58 a.m. | 1 views

CVE-2026-5322

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.00042
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/03 10:58 a.m. | 2 views

CVE-2026-5326

A vulnerability was identified in SourceCodester Leave Application System 1.0. Impacted is an unknown function of the file /index.php?page=manageuser of the component User Information Handler. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely...

CVSS: 6.9 | AI score: 5.6 | EPSS: 0.00015
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/03 8:18 a.m. | 3 views

CVE-2026-35537

A flaw was found in Roundcube Webmail. Unauthenticated attackers can exploit an unsafe deserialization vulnerability in the redis/memcache session handler. This allows for arbitrary file write operations by crafting malicious session data. The primary impact is the ability to write files to the...

CVSS: 7.5 | AI score: 6 | EPSS: 0.00048
Exploits: 0 | References: 2
OSV
added 2026/04/03 6:31 a.m. | 1 views

GHSA-RXJ3-RRWM-PJ4R Roundcube Webmail: Unsafe deserialization in the redis/memcache session handler

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data...

CVSS: 3.7 | AI score: 6 | EPSS: 0.00048
Exploits: 0 | References: 10
Snyk
added 2026/04/03 6:31 a.m. | 0 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the session handler for redis and memcache. An attacker can perform arbitrary file write operations by submitting crafted session data. Details Serialization is a process of converting an object into...

CVSS: 7.5 | AI score: 6 | EPSS: 0.00048
Exploits: 0 | References: 2
NVD
added 2026/04/03 4:17 a.m. | 6 views

CVE-2026-35537

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data...

CVSS: 7.5 | EPSS: 0.00048
Exploits: 0 | References: 8