RHEL 7 : kernel-rt (RHSA-2026:10756)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10756 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

CVE-2026-7060 liyupi yu-picture MyBatis-Plus PictureServiceImpl.java PageRequest sql injection

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a...

EUVD-2026-25730

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a...

CVE-2026-7060

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a...

CVE-2026-7060

Technical details (affected versions, exact file paths, patch info) are not publicly available in the provided documents. Monitor for updates.

CVE-2026-7060 liyupi yu-picture MyBatis-Plus PictureServiceImpl.java PageRequest sql injection

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a...

usb: gadget: renesas_usb3: validate endpoint index in standard request handlers

...

PT-2026-35240

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a...

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the browser profile creation process. An attacker can cause unauthorized requests to internal network resources by storing a profile with a cdpUrl...

NPM: OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks

NPM: OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

OpenClaw: QQBot direct media upload skipped URL SSRF validation

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact The QQBot direct-upload media path could forward attacker-controlled image URLs without applying the SSRF validation used by the local download path. This could make configured...

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict via a mismatch in path normalization between components. An attacker can gain unauthorized access to restricted resources or perform actions without proper authentication by crafting requests with specially...

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the NewServer function in the HTTP server, specifically within the http.DefaultServeMux Fallback Handler. An attacker can access sensitive information by sending crafted HTTP requests that trigger the unintend...

CVE-2026-6981

A vulnerability was found in IhateCreatingUserNames2 AiraHub2 up to 3e4b77fd7d48ed811ffe5b8d222068c17c76495e. Affected is the function connectstreamendpoint/syncagents of the file AiraHub.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack ma...

CVE-2026-6981 IhateCreatingUserNames2 AiraHub2 Endpoint AiraHub.py sync_agents server-side request forgery

A vulnerability was found in IhateCreatingUserNames2 AiraHub2 up to 3e4b77fd7d48ed811ffe5b8d222068c17c76495e. Affected is the function connectstreamendpoint/syncagents of the file AiraHub.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack ma...

CVE-2026-6979

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

web-vuln-scanner

🔍 WebVulnScanner v1.0 A production-grade, async Python web...

CVE-2026-6979

Affects devlikeapro WAHA up to 2026.3.4; vulnerable in the API Request Handler function src/api/media.controller.ts, enabling server-side request forgery. Attackable remotely; exploit published. Vendor unresponsive. No remediation details provided in the documents.

CVE-2026-6979 devlikeapro WAHA API Request media.controller.ts server-side request forgery

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

CVE-2026-6979 devlikeapro WAHA API Request media.controller.ts server-side request forgery

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...