16 matches found
CVE-2026-55487
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator...
EUVD-2026-39481
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator...
CVE-2026-43924 FOSSBilling has an open redirect via administrator-configured redirect targets
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect...
MoviePilot security vulnerability
MoviePilot is an automated film resource management tool developed by jxxghp. Version 2 of MoviePilot has a security vulnerability. This vulnerability stems from a server-side request forgery in the image proxy endpoint, which may allow authenticated attackers to request arbitrary URLs and...
EUVD-2026-10488
HCL Sametime for Android is impacted by a sensitive information disclosure. Hostname information is written in application logs and certain URL...
CVE-2026-25761
creationtimestamp | type | source
---|---|---
2026-02-09 21:20:08+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mehetze3mn22
2026-02-09 21:20:09+00:00 | seen | https://bsky.app/profile/potato.software/post/3meheu2azx225...
CVE-2025-54234 ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs...
Malicious code in webdriver-semantic-locators (npm)
The package webdriver-semantic-locators was found to contain malicious code...
MAL-2025-38998 Malicious code in webdriver-semantic-locators (npm)
The package webdriver-semantic-locators was found to contain malicious code...
Mozilla: Incorrect parsing of relative URLs starting with "///"
The Mozilla Foundation Security Advisory describes this flaw as: Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites...
DEBIAN-CVE-2023-46848
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input...
Canonical Landscape input validation error vulnerability
Canonical Landscape is a system administration tool from Canonical UK. A security vulnerability exists in Canonical Landscape that originates from allowing open redirects via URLs...
The vulnerability in the Networking component of the OpenJDK project’s Java programming language allows attackers to compromise data integrity and violate data confidentiality.
The vulnerability of the Networking component of the OpenJDK Java programming language project is related to the possibility of failing to verify URL addresses. Exploiting this vulnerability could allow a malicious actor to compromise data integrity and violate data confidentiality...
The vulnerability of the Locator/ID Separation (LISP) protocol implementation in Cisco IOS allows a hacker to bypass the authentication process.
The vulnerability of the Locator/ID Separation (LISP) protocol implementation in Cisco IOS is related to a logical error in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication process by using special registration requests that trigg...
Cisco IOS XE Software Authentication Bypass Vulnerability
Cisco IOS XE is an operating system developed by the American company Cisco for its network equipment. A security vulnerability exists in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE. A remote attacker could exploit this vulnerability to bypass authenticatio...
Microsoft Indexing Service ActiveX Memory Corruption (MS09-057; CVE-2009-2507)
The Microsoft Windows Indexing Service is a base service that extracts content from files and constructs an indexed catalog to facilitate efficient and rapid searching. A remote code execution vulnerability has been reported in the Microsoft Indexing Service. The vulnerability is caused by an...