
5 matches found

RedhatCVE
added 2026/04/06 5:0 p.m. | 0 views

CVE-2026-28797

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Processing StringTransform and Message components. These components use Python's jinja2.Template unsandbox...

8.8 CVSS | 6.2 AI score | 0.00118 EPSS
Exploits: 1 | References: 1
Snyk
added 2025/12/09 5:23 p.m. | 1 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in external media URLs passed to sendMessageComponents and other methods that take input originating from MessagegetComponents. An attacker can trigger the application to download arbitrary external...

6.9 CVSS | 6.9 AI score
Exploits: 0 | References: 2
EUVD
added 2025/12/09 5:23 p.m. | 3 views

EUVD-2025-202169

JDA (Java Discord API) downloads external URLs when updating message components...

6.4 AI score
Exploits: 0 | References: 3
AstraLinux
added 2025/02/11 7:35 a.m. | 2 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: phonet: fixed the rtm_phonet_notify() function’s skb allocation. The fill_route() function stores three components in the skb: - struct rtmsg - RTA_DST (u8) - RTA_OIF (u32) Therefore, rtm_phonet_notify() should use: NLMSG_ALIGN(sizeof(struct rtmsg...

5.5 CVSS | 6.2 AI score | 0.00027 EPSS
Exploits: 0 | References: 3
SUSE CVE
added 2024/06/04 2:25 a.m. | 2 views

SUSE CVE-2024-36946

In the Linux kernel, the following vulnerability has been resolved: phonet: fix rtm_phonet_notify() skb allocation. fill_route() stores three components in the skb: - struct rtmsg - RTA_DST (u8) - RTA_OIF (u32) Therefore, rtm_phonet_notify() should use NLMSG_ALIGN(sizeof(struct rtmsg)) + nla_total_size(1) + nla_total_size(4)...

5.5 CVSS | 6.5 AI score | 0.00027 EPSS
Exploits: 0 | References: 13