USN-8385-1 robocode vulnerabilities

It was discovered that Robocode could be tricked into making network requests to attacker-controlled systems. An attacker could possibly use this issue to cause external service interaction, resulting in information disclosure. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...

Prototype Pollution

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution through the config.proxy property in the HTTP adapter, which accesses properties via the prototype chain. An attacker can intercept an...

EUVD-2026-33012

Improper Neutralization of Input During Web Page Generation CWE-79 in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected Kibana view by another user, was not sufficiently...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : .NET vulnerability (USN-8298-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8298-1 advisory. Muhammad Abdul Rehman discovered that .NET incorrectly handled certain network requests, leading to a loop with an unreachable exi...

USN-8298-1: .NET vulnerability

Muhammad Abdul Rehman discovered that .NET incorrectly handled certain network requests, leading to a loop with an unreachable exit condition. A remote attacker could possibly use this issue to consume excessive resources, resulting in a denial of service...

USN-8298-1 dotnet8, dotnet9, dotnet10 vulnerability

Muhammad Abdul Rehman discovered that .NET incorrectly handled certain network requests, leading to a loop with an unreachable exit condition. A remote attacker could possibly use this issue to consume excessive resources, resulting in a denial of service...

Malicious code in vestibulect (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82da0f0bb40f42e69defbea694db093f2ad880c8c094508f61e2d7fe58550e2e package.json declares a postinstall hook "postinstall": "node install.js" which executes install.js automatically on npm install. install.js imports ...

MAL-2026-4517 Malicious code in chalk-tempalte (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3e82f6fa2867575be5e57fd3b03dada6a93761c97b240f77f98f4b221bde7a7 Package name chalk-tempalte is a single-character transposition of the popular chalk-template package a top-tier npm utility, consistent with...

CVE-2026-6394 Nexa Blocks <= 1.1.1 - Unauthenticated Blind Server-Side Request Forgery via 'demo_json_file' Parameter

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

CVE-2026-46722

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

CVE-2026-42281

MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadat...

EUVD-2026-30313

MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadat...

EUVD-2026-28868

FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery SSRF vulnerability allows attackers or authenticated users with App editing privileges to send arbitrary HTTP requests to internal/private network addresses. The fetchData function i...

Astra Linux - уязвимость в texlive-bin

LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...

Server-side Request Forgery (SSRF)

Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP . Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the IOFactory::load process. An attacker can execute arbitrary code or initiate unauthorize...

SUSE CVE-2025-66286

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

CVE-2025-66286

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

CVE-2025-66286

Technical details about CVE-2025-66286 are not publicly available in the provided documents. Monitor for updates from Red Hat, WebKitGTK, and WPE WebKit for affected products, versions, impact, and fixes.

CVE-2025-66286 Webkitgtk: authorization bypass through webpage::send-request signal handler

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

CVE-2025-66286 Webkitgtk: authorization bypass through webpage::send-request signal handler

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...