Lucene search

11 matches found

CVE
added 2026/04/09 9:26 p.m., 3 views

CVE-2026-40150

PraisonAIAgents’ web_crawl() (praisonaiagents/tools/web_crawl_tools.py) before version 1.5.128 accepts arbitrary URLs with zero validation. There is no scheme allowlisting, hostname/IP blocklisting, or private-network checks prior to fetching, enabling potential SSRF and local file read via file...

CVSS 7.7, AI score 6, EPSS 0.00038
Exploits 1, References 1, Affected Software 1
OSV
added 2026/03/30 8:16 p.m., 1 view

UBUNTU-CVE-2026-21711

A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under --permission without --allow-net can create and expose local IP...

CVSS 5.3, AI score 5.8, EPSS 0.00004
Exploits 0, References 3
CVE
added 2026/03/30 7:7 p.m., 10 views

CVE-2026-21711

Mode C Insight: CVE-2026-21711 (Node.js) affects Node.js 25.x processes using the Permission Model where --allow-net is omitted. The vulnerability allows a Unix Domain Socket (UDS) server to operate without the required permission checks, enabling IPC endpoints to be created/exposed locally outsi...

CVSS 5.3, AI score 6, EPSS 0.00004
Exploits 0, References 1
OSV
added 2026/03/12 6:37 p.m., 1 view

CVE-2026-32236 @backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch

Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery (SSRF) vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial clientid...

AI score 5.8, EPSS 0.00047
Exploits 0, References 4
ATTACKERKB
added 2026/03/11 8:38 p.m., 1 view

CVE-2026-32110

SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and...

CVSS 8.3, AI score 5.9, EPSS 0.0006
Exploits 1, References 2, Affected Software 1
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-2762

Malicious code in bioql PyPI...

CVSS 7.2, AI score 6.1, EPSS 0.00381
Exploits 0, References 9
RedhatCVE
added 2025/02/05 8:59 p.m., 6 views

CVE-2022-46156

The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...

CVSS 7.2, AI score 6.7, EPSS 0.00381
Exploits 0, References 1
Amazon
added 2024/10/02 12:0 a.m., 1 view

Medium: amazon-ecr-credential-helper

Issue Overview: The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms (CVE-2024-24790). Affected Packages: amazon-ecr-credential-helper. Note: This advisory is...

CVSS 9.8, AI score 7, EPSS 0.00172
Exploits 0
Cvelist
added 2022/11/30 12:0 a.m., 22 views

CVE-2022-46156 Grafana's default installation of `synthetic-monitoring-agent` exposes sensitive information

The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...

CVSS 7.2, AI score 7.5, EPSS 0.00381
Exploits 0, References 6
OSV
added 2022/11/30 12:0 a.m., 18 views

CVE-2022-46156 Grafana's default installation of `synthetic-monitoring-agent` exposes sensitive information

The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...

CVSS 7.2, AI score 6.4, EPSS 0.00381
Exploits 0, References 8
CNNVD
added 2021/07/22 12:0 a.m., 1 view

Greyware Automation Products Inc security vulnerability

Greyware Automation is a software application. Time synchronization, testing, management and auditing software. A security vulnerability exists in Greyware Automation Products Inc, which allows remote attackers to exploit the vulnerability to execute arbitrary code via a URL to perform a maliciou...

CVSS 7.5, AI score 7.9, EPSS 0.01335
Exploits 0, References 4