CVE-2026-6841

The CVE-2026-6841 entry describes a reflected cross-site scripting (XSS) vulnerability in Request Tracker (RT) that is triggered via the Page parameter in GET requests, allowing arbitrary JavaScript execution in the victim’s browser. Affected RT versions are 5.0.4–5.0.9 and 6.0.0–6.0.2. The vulne...

Exploit for CVE-2026-45829

🚨 CVE-2026-45829 - ChromaDB Pre-Auth RCE Critical Remote...

CVE-2026-44064

An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request...

CVE-2026-44064 ASP session ID out-of-bounds access

An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request...

CVE-2026-44060

An integer underflow in dsiwriteinit in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request...

PT-2026-42395

Name of the Vulnerable Software and Affected Versions mlflow/mlflow versions prior to 3.10.0 Description When basic authentication is enabled, the 'SearchModelVersions' REST API endpoint and the 'mlflowSearchModelVersions' GraphQL query lack proper per-model authorization checks. This allows any...

PT-2026-42681

Summary A Server-Side Request Forgery SSRF vulnerability in get image info allows any authenticated user to force the server to send HTTP requests to arbitrary internal endpoints, including cloud metadata services e.g., AWS 169.254.169.254. This is a blind SSRF with confirmed internal port scanni...

PT-2026-42653

Summary A Server-Side Request Forgery SSRF vulnerability in get image info allows any authenticated user to force the server to send HTTP requests to arbitrary internal endpoints, including cloud metadata services e.g., AWS 169.254.169.254. This is a blind SSRF with confirmed internal port scanni...

PT-2026-42644

Impact A remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get epoch chunks which iterates backwards through macro blocks using Policy::macro block before. When it reaches the genesis block number, macro block before...

PT-2026-42607

Summary The SSRF mitigation added in commit 33c55da for GHSA-7gvf-3w72-p2pg is incomplete. The PREREQFUNCTION-based private IP check was correctly applied to HTTPChunk download path but not to HTTPRequest used by the parse urls API. An authenticated attacker can supply a URL pointing to an...

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier had a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of validation of CSRF tokens, which could allow attackers to overwrite PHP files...

PT-2026-42461

Name of the Vulnerable Software and Affected Versions Request Tracker versions 5.0.4 through 5.0.9 Request Tracker versions 6.0.0 through 6.0.2 Description Reflected cross-site scripting XSS occurs via the Page parameter in GET requests. This allows an attacker to craft a URL that executes...

Request Tracker 跨站脚本漏洞

Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions 5.0.4 to 5.0.9, as well as 6.0.0 to 6.0.2, have a cross-site scripting vulnerability. This vulnerability stems from the Page parameter in GET requests, which may lead to reflective cross-site...

PT-2026-42517

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tick id POST parameter is concatenated into the WHERE clause of SELECT statements in the incidents summary report without sanitization. Authenticated attackers can craft requests that alter query...

PT-2026-42573

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.0.0 through 9.4.x Description Cross Site Request Forgery CSRF occurs at the 'concrete/controllers/backend/file' endpoint within the removeFavoriteFolder$id function. CSRF is a flaw that allows an attacker to induce a us...

PT-2026-42702

Name of the Vulnerable Software and Affected Versions KnpSnappyBundle affected versions not specified Description An issue exists that allows Server-Side Request Forgery SSRF and local file read. This occurs when applications allow user-supplied input to be passed directly to the Snappy library,...

PT-2026-42590

Overview - Vulnerability type: Blind SSRF - Affected components: src/crawlee/ utils/sitemap.py, src/crawlee/ utils/robots.py, src/crawlee/request loaders/ sitemap request loader.py, and all built-in HTTP clients. - Trigger: an attacker-controlled sitemap or robots.txt containing a URL that points...

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS prior to 9.5.0 had a cross-site request forgeing vulnerability. This vulnerability was exploited through the concrete/controllers/backend/file rescanMultiple function, making it susceptibl...

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system designed for teams. Versions of Concrete CMS prior to 9.5.0 had a cross-site request forgeing vulnerability. This vulnerability stems from the function concrete/controllers/backend/file addFavoriteFolder$id, which is vulnerable to cross-sit...

PT-2026-42537

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/do update/. The do update method in concrete/controllers/single page/dashboard/extend/update.php checks only canInstallPackages before executing upgradeCoreData and upgrade on the...