5 matches found
CVE-2026-57573
CVE-2026-57573 affects Crawl4AI: unauthenticated SSRF via the Docker stream endpoint. Before 0.9.0, SSRF checks were only on the non‑streaming /crawl path; handle_stream_crawl_request forwarded seed URLs with no destination validation. This allowed a remote, unauthenticated client to POST to /cra...
Security update for roundcubemail (important)
openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2026:0183-1 Rating: important References: 1266329 1266331 1266332 1266333 1266334 1266335 1266336 1266337 Cross-References: CVE-2026-48842 CVE-2026-48843 CVE-2026-48844 CVE-2026-48845 CVE-2026-48846...
CVE-2026-9818
CVE-2026-9818 is rejected/not used; this entry does not represent an active vulnerability.
GHSA-CWCX-382V-8M9G Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url
Impact An authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo URL pointing at a private address e.g. http://127.0.0.1:999...
Server-side Request Forgery (SSRF)
Overview indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in isprivateurl in util/network.py. A user can access internal network resources or sensitive endpoints by supplying...