PT-2026-41957

Summary Alice exposes a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, which replaces Alice's configured target host with Bob's host and returns the server-side response ...

CVE-2026-30118

CVE-2026-30118 affects scalar/astro v0.1.13. The vulnerability is a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. Unauthenticated attackers can coerce the backend to perform HTTP requests to attacker-controlled URLs, leading to exposure of auth...

PT-2026-45478

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11 Linux kernel versions prior to 6.18.34 Linux kernel versions prior to 6.12.92 Linux kernel versions prior to 6.6.142 Linux kernel versions prior to 6.1.175 Linux kernel versions prior to 5.15.209 Linux...

CVE-2025-70950

An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request...

PT-2026-41952

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the webhook url parameter in the file scan endpoint POST /v1/iac/iacVersion/cloud/local/file/scan when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhook url...

squid security update

7:3.5.20-17.0.11.13 - Security update for CVE-2026-32748 CVE-2026-33526 Orabug: 39230173 7:3.5.20-17.0.9.13 - Fixes CVE-2025-62168, squid: Squid vulnerable to information disclosure via - authentication credential leakage in error handling Orabug: 38587551 7:3.5.20-17.0.7.13 - Fixes CVE-2025-5457...

EUVD-2026-30948

scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery SSRF in the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to...

Debian dla-4590 : erlang - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4590 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4590-1 [email protected]...

FreeBSD : Vinyl/Varnish -- HTTP/2 parsing deficiency (f0f4bb64-52c6-11f1-a1c0-0050569f0b83)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f0f4bb64-52c6-11f1-a1c0-0050569f0b83 advisory. Vinyl Development Team reports: A deficiency in HTTP/2 request parsing can be exploited to launch a...

CVE-2026-8757

A vulnerability was found in adenhq hive up to 0.11.0. This affects the function readeventstail of the file core/framework/server/routessessions.py of the component Delete Request Handler. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has...

CVE-2023-24215

Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...

CLSA-2026-1779123668 Fix CVE(s): CVE-2026-6735

SECURITY UPDATE: XSS via unsanitized request URI in PHP-FPM status page - debian/patches/CVE-2026-6735.patch: escape requesturi with HTML entities in fpmstatushandlerequest for HTML/XML output formats, and fix querystring escape flags in sapi/fpm/fpm/fpmstatus.c - CVE-2026-6735...

dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport

Summary dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive rmcp dependency, plus a related cross-origin CSRF gap. A malicious web page could make the user's browser send requests to a local dynoxide mcp --http or dynoxide serve --mcp server with a non-loopback Host...

CVE-2026-45317

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, an application-wide Cross-Site Request Forgery CSRF vulnerability was found Open-WebUl's image uploading functionality. An attacker can set an image URL to a malicious endpoint,...

GHSA-QJP4-4JVR-XQG3 Spring AI MCP Security: Unvalidated URL Fetching (SSRF)

Summary The mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted URLs for OAuth-related discovery and metadata without verifying if the targets are malicious or internal to...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via unvalidated URL processing in the OAuth2 dynamic client registration process. An attacker can access internal network resources or sensitive information by supplying malicious URLs to be fetched by t...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via unvalidated URL processing in the OAuth2 dynamic client registration process. An attacker can access internal network resources or sensitive information by supplying malicious URLs to be fetched by t...

Spring AI MCP Security: Unvalidated URL Fetching (SSRF)

Summary The mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted URLs for OAuth-related discovery and metadata without verifying if the targets are malicious or internal to...

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...