BIT-OAUTH2-PROXY-2026-34457 OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...

BIT-DJANGO-2026-3902 ASGI header spoofing via underscore/hyphen conflation

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

BIT-AUTHENTIK-2023-48228 OAuth2: PKCE can be fully circumvented

authentik is an open-source identity provider. When initialising a oauth2 flow with a codechallenge and codemethod thus requesting PKCE, the single sign-on provider authentik must check if there is a matching and existing codeverifier during the token step. Prior to versions 2023.10.4 and 2023.8....

SUSE CVE-2026-39845

Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable the webhook add-on as a workaround...

LangChain Text Splitters: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass

Summary HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because redirect targets were not revalidated, a URL pointing to an attacker-controlled server could redirect to...

Server-side Request Forgery (SSRF)

Overview @angular/platform-server is an Angular - library for using Angular in Node.js Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the URL parsing during Server-Side Rendering SSR. An attacker can cause the server to make arbitrary HTTP requests to...

CVE-2026-39313

mcp-framework is a framework for building Model Context Protocol MCP servers. In versions 0.2.21 and below, the readRequestBody function in the HTTP transport concatenates request body chunks into a string with no size limit. Although a maxMessageSize configuration value exists, it is never...

Server-side Request Forgery (SSRF)

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via postCore.ts. An attacker can cause the server to make arbitrary HTTP requests to internal or external systems by injecting malicious prompt templates that...

Server-side Request Forgery (SSRF)

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the secureAxiosRequest and secureFetch functions. An attacker can gain unauthorized access to internal services and potentially exfiltrate sensitive data ...

GHSA-XHMJ-RG95-44HV Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

Summary A Server-Side Request Forgery SSRF protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTPDENYLIST for axios and node-fetch libraries, the built-in Node.js http, https, and net modules are allowed in the NodeVM sandb...

Partial String Comparison

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Partial String Comparison due to the replaceInputsWithConfig logic in packages/server/src/utils/index.ts. An attacker can override flow parameters by supplying a crafted override configuration in a predicti...

Flowise: Sensitive Data Leak in public-chatbotConfig

Summary /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just of a chatflow UUID can retrieve credentials stored in password type fields and HTTP headers,...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

GHSA-FGW5-HP8F-XFHC Istio: SSRF via RequestAuthentication jwksUri

Impact When a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhost or link local ips. This can result in sensitive data being distributed to Envoy proxies via xDS...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

Istio: SSRF via RequestAuthentication jwksUri

Impact When a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhost or link local ips. This can result in sensitive data being distributed to Envoy proxies via xDS...

pypdf: Possible long runtimes for wrong size values in incremental mode

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer /Size value in incremental mode. Patches This has been fixed in pypdf==6.10.2. Workarounds If you cannot upgrade yet, consider applying the changes from PR...

CVE-2026-39313

mcp-framework is a framework for building Model Context Protocol MCP servers. In versions 0.2.21 and below, the readRequestBody function in the HTTP transport concatenates request body chunks into a string with no size limit. Although a maxMessageSize configuration value exists, it is never...