Lucene search
K

35 matches found

OSV
OSV
added 2026/05/28 7:18 p.m.9 views

GHSA-G23J-2VWM-5C25 local-deep-research has an SSRF bypass in `safe_get`

Summary The URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. Details The current project uses validateurl to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by...

5CVSS5.9AI score0.00247EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/05/28 7:18 p.m.19 views

local-deep-research has an SSRF bypass in `safe_get`

Summary The URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. Details The current project uses validateurl to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by...

5CVSS5.9AI score0.00247EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:13 p.m.11 views

CVE-2026-44502

Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...

4.3CVSS5.8AI score0.00286EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/26 4:13 p.m.34 views

CVE-2026-44502

Bugsink (self-hosted error tracking) has an SSRF bypass vulnerability in the webhook URL validation (validate_webhook_url) affecting versions before 2.1.3. The root cause is a mismatch between Python URL parsing (urllib.parse.urlparse) and the HTTP client stack (requests/urllib3) for malformed in...

4.3CVSS5.8AI score0.00286EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/26 4:13 p.m.11 views

CVE-2026-44502 Bugsink: SSRF bypass in `validate_webhook_url`

Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...

4.3CVSS5.8AI score0.00286EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/26 4:13 p.m.17 views

EUVD-2026-31855

Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...

4.3CVSS5.8AI score0.00286EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/20 3:35 p.m.10 views

Interpretation Conflict

Overview symfony/html-sanitizer is a Provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. Affected versions of this package are vulnerable to Interpretation Conflict via URL parsing and policy enforcement in UrlSanitizer/UrlAttributeSanitizer...

5.4CVSS5.8AI score0.00048EPSS
Exploits0References2
OSV
OSV
added 2026/05/08 7:9 p.m.7 views

GHSA-FP53-QCF8-2XX2 Bunsink has an SSRF bypass in `validate_webhook_url`

Summary Bugsink’s webhook URL validation in versions 2.1.2 and earlier could be partially bypassed because of a mismatch in URL parsing. In some malformed URLs, Python’s standard URL parser urllib and the HTTP client stack requests / urllib3 do not agree on which host is actually being targeted...

4.3CVSS6AI score0.00286EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.15 views

PT-2026-39265

Summary Bugsink’s webhook URL validation in versions 2.1.2 and earlier could be partially bypassed because of a mismatch in URL parsing. In some malformed URLs, Python’s standard URL parser urllib and the HTTP client stack requests / urllib3 do not agree on which host is actually being targeted...

4.3CVSS6AI score0.00286EPSS
Exploits0References6
OSV
OSV
added 2026/05/06 10:8 p.m.9 views

GHSA-Q9PW-VMHH-384G PraisonAI has an SSRF bypass

Summary The URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. Details The current PraisonAI project uses validateurl to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by...

9.8CVSS5.9AI score0.00378EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.7 views

PT-2026-31284

Summary A discrepancy between browser cookie parsing and parse handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to the same key by parse, allowing attacker-controlled cookies to override legitimate ones. Details...

4.8CVSS5.9AI score0.00284EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/27 12:0 a.m.2 views

CVE-2026-30302

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...

6.2AI score0.01993EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.3 views

CVE-2026-31993

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

6.4CVSS6.1AI score0.00291EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/19 1:0 a.m.3 views

CVE-2026-31993 OpenClaw < 2026.2.22 - Allowlist Parsing Mismatch in system.run Shell Chains

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

5.6CVSS6.1AI score0.00291EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/19 1:0 a.m.7 views

EUVD-2026-13025

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

6.4CVSS6.1AI score0.00291EPSS
Exploits0References4
CVE
CVE
added 2026/03/09 9:1 p.m.16 views

CVE-2026-25960

Summary of CVE-2026-25960 (vLLM) : The SSRF protection added in 0.15.1 (fix tied to CVE-2026-24779) can be bypassed in vLLM’s load_from_url_async due to inconsistent URL parsing between the validation layer (urllib3.util.parse_url) and the HTTP client (aiohttp with yarl). The vulnerability arises...

9.8CVSS5.8AI score0.00485EPSS
Exploits1References8Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/09 9:1 p.m.3 views

CVE-2026-25960 SSRF Protection Bypass in vLLM

vLLM is an inference and serving engine for large language models LLMs. The SSRF protection fix for CVE-2026-24779 add in 0.15.1 can be bypassed in the loadfromurlasync method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. The SSRF fix uses...

7.1CVSS5.8AI score0.00485EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/09 7:55 p.m.12 views

vLLM has SSRF Protection Bypass

Summary The SSRF protection fix for https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc can be bypassed in the loadfromurlasync method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. Affected Component - File:...

9.8CVSS5.9AI score0.00485EPSS
Exploits1References6Affected Software1
RedHat Linux
RedHat Linux
added 2026/03/02 1:34 a.m.8 views

cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy

A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...

8.6CVSS7.3AI score0.00472EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/02/16 9:40 a.m.6 views

cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy

A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...

8.6CVSS7.3AI score0.00472EPSS
Exploits0References8
Rows per page
Query Builder