11 matches found
CVE-2026-45000
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed durin...
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving large language models (LLMs), has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relate...
CVE-2026-33626
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating...
PT-2026-27236
OpenClaw before 2026.3.1 contains a server-side request forgery vulnerability in web search citation redirect resolution that allows attackers to target private-network destinations. Attackers who influence citation redirect targets can trigger internal-network requests from the OpenClaw gateway...
CVE-2026-33060 CKAN MCP Server: SSRF via base_url allows access to internal networks
CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckanpackagesearch and sparqlquery that accept a `base_url` parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...
Linux Distros Unpatched Vulnerability: CVE-2020-8562
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when...
CVE-2025-25234
Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain access to sensitive networks...
PT-2023-20646 · Unknown · Imageconverter Service
Name of the Vulnerable Software and Affected Versions: imageconverter service (affected versions not specified). Description: The issue allows requests to cache an image to be abused, including SQL queries that would be executed unchecked. Exploiting this requires at least access to adjacent network...
CVE-2021-22685
An attacker may be able to use the minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1...
Atlassian Jira Code Issue Vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. Digital Bazaar Forge is a native implementation of TLS in JavaScript and an open source tool for writing encryption-based and...
CVE-2020-14803
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of th...