
17 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 1 view

Astra Linux - vulnerability in linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed devices When an SCSI device is removed while still in active use, currently, sg will immediately return -ENODEV whenever an attempt is made to wait for active commands...

CVSS 5.5 | AI score 5.9 | EPSS 0.00048
Exploits: 0 | References: 2

Snyk
added 2026/04/08 7:53 p.m. | 1 view

Server-side Request Forgery (SSRF)

Overview: n8n-mcp is an integration between n8n workflow automation and Model Context Protocol (MCP). Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the instance-URL header in multi-tenant HTTP mode. An authenticated attacker can cause the server to issue HTT...

CVSS 8.5 | AI score 5.9 | EPSS 0.00013
Exploits: 0 | References: 2

NVD
added 2026/04/02 6:16 p.m. | 3 views

CVE-2026-34577

Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the GET /public/stream endpoint in PublicController accepts a user-supplied url query parameter and proxies the full HTTP response back to the caller. The only validation is url.endsWith('mp4'), which is trivially bypassable by...

CVSS 8.6 | EPSS 0.00157
Exploits: 1 | References: 2

Veracode
added 2026/03/30 8:46 a.m. | 2 views

Server-Side Request Forgery (SSRF)

github.com/zitadel/zitadel is vulnerable to an unauthenticated full-read Server-Side Request Forgery (SSRF). The vulnerability is due to improper trust of the x-zitadel-forward-host header in the Login UI V2, which allows an attacker to force the server to make arbitrary HTTP requests and read...

CVSS 9.3 | AI score 7.2 | EPSS 0.00037
Exploits: 2 | References: 2 | Affected Software: 1

EUVD
added 2026/03/21 6:30 a.m. | 1 view

EUVD-2026-13997

The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.28.0. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to initiate arbitrary outbound requests from the...

CVSS 6.5 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 4

NVD
added 2026/03/21 4:16 a.m. | 0 views

CVE-2026-2290

The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.28.0. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to initiate arbitrary outbound requests from the...

CVSS 3.8 | EPSS 0.00034
Exploits: 0 | References: 3

Cvelist
added 2026/03/21 3:26 a.m. | 26 views

CVE-2026-2290 Post Affiliate Pro <= 1.28.0 - Authenticated (Administrator+) Server-Side Request Forgery via 'Post Affiliate Pro URL' Field

The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.28.0. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to initiate arbitrary outbound requests from the...

CVSS 3.8 | EPSS 0.00034
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-42314

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Xenstore: guests can let run xenstored out of memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities...

CVSS 6.5 | AI score 6.5 | EPSS 0.00099
Exploits: 0 | References: 2

OSV
added 2025/06/18 11:15 a.m. | 0 views

UBUNTU-CVE-2022-50215

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device When a SCSI device is removed while in active use, currently sg will immediately return -ENODEV on any attempt to wait for active commands that were sent before t...

CVSS 5.5 | AI score 6.1 | EPSS 0.00048
Exploits: 0 | References: 11

CNVD
added 2025/03/27 12:0 a.m. | 2 views

GPT Academic Server-Side Request Forgery Vulnerability

GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a server-side request forgery vulnerability that can be exploited by an attacker to cause an application to access any URL, including internal services, and...

CVSS 6.5 | AI score 6.9 | EPSS 0.00279
Exploits: 1 | References: 1

CNNVD
added 2025/03/20 12:0 a.m. | 2 views

GPT Academic Code Issue Vulnerability

GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a server-side request forgery vulnerability that can be exploited by an attacker to cause an application to access any URL, including internal services, and...

CVSS 6.5 | AI score 6.8 | EPSS 0.00279
Exploits: 1 | References: 1

RedHat Linux
added 2024/08/14 3:5 p.m. | 2 views

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

CVSS 9.1 | AI score 7.3 | EPSS 0.00137
Exploits: 0 | References: 5

RedHat Linux
added 2024/08/13 4:56 p.m. | 2 views

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

CVSS 9.1 | AI score 7.3 | EPSS 0.00137
Exploits: 0 | References: 5

RedHat Linux
added 2024/08/13 4:49 p.m. | 3 views

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

CVSS 9.1 | AI score 7.3 | EPSS 0.00137
Exploits: 0 | References: 5

RedHat Linux
added 2024/08/13 4:48 p.m. | 1 view

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

CVSS 9.1 | AI score 7.3 | EPSS 0.00137
Exploits: 0 | References: 5

SUSE CVE
added 2024/08/07 2:55 a.m. | 0 views

SUSE CVE-2024-7525

It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...

CVSS 7.1 | AI score 6.2 | EPSS 0.00137
Exploits: 0 | References: 8

CNNVD
added 2023/09/22 12:0 a.m. | 3 views

Galaxy Code Issues Vulnerabilities

Galaxy is an open source platform for FAIR data analysis open-sourced by Galaxy Project. A code issue vulnerability exists in Galaxy versions prior to 22.05 that stems from the presence of a Server Request Forgery (SSRF) vulnerability. An attacker can exploit this vulnerability to send arbitrary...

CVSS 6.3 | AI score 7 | EPSS 0.00076
Exploits: 1 | References: 3