SUSE CVE-2026-24767

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a blind Server-Side Request Forgery SSRF vulnerability exists in the uploadViaURL functionality due to an unprotected HEAD request. While the subsequent file retrieval logic correctly enforces SSRF protections, t...

SUSE CVE-2026-43278

In the Linux kernel, the following vulnerability has been resolved: dm: clear cloned request bio pointer when last clone bio completes Stale rq-bio values have been observed to cause double-initialization of cloned bios in request-based device-mapper targets, leading to use-after-free and...

SUSE CVE-2026-43401

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intelpstate: Fix NULL pointer dereference in updatecpuqosrequest The updatecpuqosrequest function attempts to initialize the 'freq' variable by dereferencing 'cpudata' before verifying if the 'policy' is valid. This issu...

CVE-2026-41903

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERMEDITUSERS permission intended for general user-profile editing can read and modify the notification subscriptions of any other user, including admins, by sending a...

Plainpad 安全漏洞

Plainpad is a self-hosted note-taking application by the individual developer Alex Tselegidis. A security vulnerability exists in Plainpad versions prior to 1.1.1, which stems from allowing a low-privileged user to self-elevate to administrator via the admin parameter in a PUT request, potentiall...

Unity Linux 20.1070e Security Update: varnish (UTSA-2026-017377)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017377 advisory. In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before...

view_component: Preview Route Can Dispatch Inherited Helper Methods

Summary The preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview examples explicitly defined by the preview class. As a result, inherited public methods on ViewComponent::Preview are...

CVE-2026-44284

FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected internal/private network URLs, but the MCP tool create/update endpoints could still save an internal...

CVE-2026-44313

CVE-2026-44313 (Linkwarden) : A SSRF vulnerability exists in the fetchTitleAndHeaders function prior to version 2.13.0, enabling authenticated users to cause arbitrary HTTP requests to internal services due to insufficient URL validation that only checks for the prefixes "http://" or "https://". ...

CVE-2026-44313

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery SSRF vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP requests to internal...

CVE-2026-44313 LinkWarden: Server-Side Request Forgery (SSRF) in Link Creation via fetchTitleAndHeaders Function

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery SSRF vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP requests to internal...

free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types

Summary free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/apiaccesstoken.go reflects over models.NrfAccessTokenAccessTokenReq, special-cases only plain string and NrfNfManagementNfType fields, and treats every...

GHSA-J59F-X285-69JX free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference

Summary free5GC's NEF PATCH /3gpp-pfd-management/v1/afId/transactions/transId/applications/appId handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper returns err != nil together with a nil ProblemDetails. The handler's errPfdData != nil branch...

free5GC's PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference

Summary free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose ascReqData.suppFeat == "1" enabling traffic-routing feature negotiation and whose medComponents entries supply an afAppId but NO AfRoutReq. The create path then calls...

CVE-2026-42556 Postiz stored XSS in public preview page

Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their own save request and send the public preview link /p/?share=true to another user. The preview page...

CVE-2026-42556 Postiz stored XSS in public preview page

Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their own save request and send the public preview link /p/?share=true to another user. The preview page...

CVE-2026-42346

Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4–v2.21.6 share a fundamental TOCTOU Time-of-Check-Time-of-Use vulnerability: isSafePublicHttpsUrl resolves DNS to validate the target IP, but subsequent fetch calls...

EUVD-2026-28856

Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4–v2.21.6 share a fundamental TOCTOU Time-of-Check-Time-of-Use vulnerability: isSafePublicHttpsUrl resolves DNS to validate the target IP, but subsequent fetch calls...

Incorrect Authorization

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization in the PATCH process to /api/v1/users/id when the permissions array is not properly restricted. An attacker can gain unauthorized administrative...

CVE-2026-42298

Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow .github/workflows/pr-docker-build.yml allows any unauthenticated user to execute arbitrary code during the Docker build process and exfiltrate a...