16 matches found

EUVD
added 5 days ago, 8 views

EUVD-2026-33622

Server-Side Request Forgery (SSRF) in the UrlImageConverter component of Apache Fesod Incubating fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to...

CVSS 5.3 | AI score 5.8 | EPSS 0.0013
Exploits 0 | References 4
Malwarebytes
added 2026/01/15 1:16 p.m., 3 views

“Reprompt” attack lets attackers steal data from Microsoft Copilot

Researchers found a method to steal data that bypasses Microsoft Copilot's built-in safety mechanisms. The attack flow, called Reprompt, abuses how Microsoft Copilot handled URL parameters in order to hijack a user's existing Copilot Personal session. Copilot is an AI assistant which connects t...

AI score 7.2
Exploits 0
SUSE CVE
added 2025/10/17 11:34 p.m., 2 views

SUSE CVE-2025-26625

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

CVSS 8.8 | AI score 7.1 | EPSS 0.0007
Exploits 0 | References 7
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2024-0239

Malicious code in bioql PyPI...

CVSS 7.6 | AI score 6.8 | EPSS 0.00138
Exploits 0 | References 8
Vulnrichment
added 2025/09/04 7:43 p.m., 2 views

CVE-2025-58361 Promptcraft Forge Studio's incomplete URL check is vulnerable to XSS via SVG

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain a non-exhaustive URL scheme check that does not protect against XSS. User-controlled URLs pass through src/utils/validation.ts, but the check only strips javascript: a...

CVSS 9.3 | AI score 6.6 | EPSS 0.00066
Exploits 0 | References 1
Tenable Nessus
added 2025/08/25 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-12308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the...

CVSS 6.1 | AI score 6.9 | EPSS 0.02803
Exploits 0 | References 2
CVE
added 2025/08/12 4:25 p.m., 11 views

CVE-2025-55166

The CVE-2025-55166 issue affects the PHP SVG sanitizer project svg-sanitizer. Before version 0.22.0, the cleanXlinkHrefs function only searches for lower-case attribute names, allowing bypass of the isHrefSafeValue check and enabling cross-site scripting or linking to external domains. A fix is a...

CVSS 5.1 | AI score 6.5 | EPSS 0.00079
Exploits 0 | References 2
RedHat Linux
added 2025/04/28 1:26 a.m., 2 views

thunderbird: User Interface (UI) Misrepresentation of attachment URL

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the...

CVSS 6.4 | AI score 6.5 | EPSS 0.00106
Exploits 0 | References 7
Japan Vulnerability Notes
added 2024/10/28 5:29 a.m., 2 views

Chatwork Desktop Application (Windows) uses a potentially dangerous function

Overview: Chatwork Desktop Application (Windows) provided by kubell Co., Ltd. contains an issue with use of a potentially dangerous function (CWE-676), which allows a user to access an external website via a link in the application. RyotaK of Flatt Security Inc. directly reported this vulnerability to t...

CVSS 5.5 | AI score 7 | EPSS 0.00021
Exploits 0 | References 4
Positive Technologies
added 2024/05/13 12:00 a.m., 2 views

PT-2024-25691

Name of the Vulnerable Software and Affected Versions: MantisBT versions prior to 2.26.2. Description: The issue affects MantisBT, an open source issue tracker, where an issue referencing a note from another issue that the user does not have access to becomes hyperlinked. Although clicking the link...

CVSS 5.3 | AI score 5.3 | EPSS 0.00288
Exploits 0 | References 11
The Hacker News
added 2023/04/04 9:54 a.m., 2 views

Think Before You Share the Link: SaaS in the Real World

Collaboration sits at the essence of SaaS applications. The word, or some form of it, appears in the top two headlines on Google Workspace's homepage. It can be found six times on Microsoft 365's homepage, three times on Box, and once on Workday. Visit nearly any SaaS site, and odds are...

AI score 6.3
Exploits 0
OSV
added 2022/10/28 11:04 a.m., 1 view

OESA-2022-2029 git security update

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and...

CVSS 8.8 | AI score 5.9 | EPSS 0.02579
Exploits 1 | References 3
CNNVD
added 2022/08/01 12:00 a.m., 1 view

Lura and KrakenD security vulnerability

Lura is an open source, ultra-high-performance API gateway and middleware framework from the Lura Project. KrakenD is an open source, scalable, ultra-high-performance API gateway from KrakenD that helps you easily adopt microservices and secure communications. A security vulnerability exists in...

CVSS 4.3 | AI score 5.2 | EPSS 0.00193
Exploits 0 | References 3
OSV
added 2022/01/19 1:15 a.m., 2 views

CVE-2022-22156

An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and confidentiality of the device. The...

CVSS 7.4 | AI score 5.8
Exploits 0 | References 1
OSV
added 2019/06/03 5:29 p.m., 1 view

ALPINE-CVE-2019-12308

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...

CVSS 6.1 | AI score 6.8 | EPSS 0.02803
Exploits 0 | References 1
Exploit DB
added 2002/01/13 12:00 a.m., 23 views

CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (4)

source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. When CDRDAO saves its configuration to the .cdrdao file in a user's home directory,...

AI score 7
Exploits 0