Linux Distros Unpatched Vulnerability : CVE-2026-47326

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by ...

XML External Entity (XXE) Injection

ome, pom-bio-formats is vulnerable to XML External Entity XXE Injection. The vulnerability is due to insecure configuration of DocumentBuilderFactory while parsing Leica XML metadata files, which allows an attacker to perform SSRF, access local resources, or trigger denial of service through...

DeepSeek TUI has SSRF‌ IPV6 bypass

Summary Although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://::1, the SSRF defenses do not work. Details...

GHSA-88GH-2526-GFRR DeepSeek TUI has SSRF‌ IPV6 bypass

Summary Although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://::1, the SSRF defenses do not work. Details...

PT-2026-41185

Name of the Vulnerable Software and Affected Versions CodeWhale versions prior to 0.8.26 Description Server-Side Request Forgery SSRF occurs when the application fails to properly validate IPv6 addresses provided directly in a URL, such as http://::1. While the system validates hostnames that...

CVE-2016-20029

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...

CVE-2026-22186

Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...

CVE-2026-22186

Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...

CVE-2026-22186

Bio-Formats

CVE-2026-22186 Bio-Formats <= 8.3.0 XXE in Leica XLEF Metadata Parser

Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...

Bio-Formats 代码问题漏洞

Bio-Formats is an Open Microscopy Environment open source Java library for reading and writing various microscopy imaging proprietary file formats. A code issue vulnerability exists in Bio-Formats 8.3.0 and prior versions that stems from an XML external entity vulnerability in the Leica...

EUVD-2025-201756

In InputMethodInfo of InputMethodInfo.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

BIT-ACTIVEMQ-2021-21342 A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

EUVD-2018-0775

Malware in sbrugna...

EUVD-2008-3054

Malware in sbrugna...

EUVD-2017-11422

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-20066

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled...

DEBIAN-CVE-2025-6140

A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scopedpadder in the library include/spdlog/patternformatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit h...

SUSE CVE-2024-48052

In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery SSRF vulnerability. The reason is that within the saveurltocache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...

CVE-2024-48052

In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery SSRF vulnerability. The reason is that within the saveurltocache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...