CVE-2026-46526

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validateurl to validate the input URL. The...

CVE-2026-45021

Kuma CVE-2026-45021 describes a cross-origin exposure in the default kuma-cp config where CorsAllowedDomains: "." and LocalhostIsAdmin: true enable a browser-based attacker to fetch admin credentials from the control plane. Before versions 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, a malicious...

CVE-2026-46135

A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...

CVE-2026-45310 CodeWhale: SSRF via HTTP Redirect Bypass in fetch_url Tool

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetchurl tool validates the initial URL's resolved IP address against a restricted-IP blocklist isrestrictedip to prevent SSRF attacks against internal services cloud metadata endpoints, localhost, private networks...

CVE-2026-45373 CodeWhale: SSRF‌ IPV6 bypass

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://::1, the SSRF defenses do not work. This vulnerability is fixed in 0.8.26...

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE...

CVE-2026-45261

GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An attacker can inject a malicious link in a pull request body, which if clicked by the user allows fo...

CVE-2026-46561 pyLoad: SSRF via HTTP Redirect Bypass in parse_urls API

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest used by the parseurls API. An authenticated attacker can supply a URL pointing to an attacker-controlled server that responds with...

EUVD-2026-32956

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest used by the parseurls API. An authenticated attacker can supply a URL pointing to an attacker-controlled server that responds with...

CVE-2026-42585

A flaw was found in Netty. This vulnerability allows a remote attacker to perform request smuggling attacks due to incorrect parsing of malformed Transfer-Encoding headers. By exploiting this flaw, an attacker can bypass security controls and potentially access sensitive information or manipulate...

CVE-2026-44797 Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...

CVE-2026-9098

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...

CVE-2026-45261 GitButler: Link injection via forge integration enables arbitrary script execution

GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An attacker can inject a malicious link in a pull request body, which if clicked by the user allows fo...

EUVD-2026-32944

GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An attacker can inject a malicious link in a pull request body, which if clicked by the user allows fo...

CVE-2026-45261

GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An attacker can inject a malicious link in a pull request body, which if clicked by the user allows fo...

CVE-2026-48522

PyJWKClient in PyJWT prior to 2.13.0 passes its uri argument directly to urllib.request.urlopen(), allowing attacker-controlled jku URLs to trigger SSRF and related token-forgery scenarios via file://, ftp://, or data: schemes. Affected component: PyJWKClient (Python). Root cause: lack of a schem...

CVE-2026-44358

The CVE-2026-44358 affects Espressif Shared GitHub DangerJS, a reusable GitHub Action for Espressif projects. Before 1.0.1, the action’s entrypoint.sh invoked DangerJS from the caller’s workspace after copying the fork’s checkout, creating an untrusted search path for binary and Node.js module re...

CVE-2026-44358 Espressif Shared GitHub DangerJS: Untrusted Search Path in DangerJS Action Entrypoint

Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary...

CVE-2026-44723

Vowpal Wabbit is a machine learning system. The workflow .github/workflows/pythonchecks.yml embeds $ github.event.pullrequest.title directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script...

CLSA-2026-1779968889 Fix of 7 CVEs

SECURITY UPDATE: Authentication Bypass in digest authentication - debian/patches/CVE-2026-43512.patch: reject digest authentication attempts for unknown users in getDigest - CVE-2026-43512 SECURITY UPDATE: Account lockout bypass in LockOutRealm via case variation of user names -...