CVE-2026-24880

CVE-2026-24880 describes an HTTP Request/Response Smuggling vulnerability in Apache Tomcat caused by inconsistent interpretation of HTTP requests via invalid chunk extension. Affected products include Tomcat 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M1 through 9.0.115, 8.5.0 thr...

GHSA-G977-H85W-H2XJ MetaGPT has an Injection issue

A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function checksolution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. Th...

GHSA-GCVM-C75M-H4P4 Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3...

Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3...

OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects

Impact fetchWithSsrFGuard replays unsafe request bodies across cross-origin redirects. A guarded fetch could resend unsafe request bodies or headers when following cross-origin redirects. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does n...

GHSA-QX8J-G322-QJ6M OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects

Impact fetchWithSsrFGuard replays unsafe request bodies across cross-origin redirects. A guarded fetch could resend unsafe request bodies or headers when following cross-origin redirects. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does n...

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper handling of redirects in the Playwright navigation. An attacker can access internal or private network resources by crafting requests that...

GHSA-W8G9-X8GX-CRMM OpenClaw: Strict browser SSRF bypass in Playwright redirect handling leaves private targets reachable

Impact Strict browser SSRF bypass in Playwright redirect handling leaves private targets reachable. Strict browser SSRF checks could miss Playwright request-time navigation to private targets. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and...

GHSA-VR5G-MMX7-H897 OpenClaw has Browser SSRF Policy Bypass via Interaction-Triggered Navigation

Impact Browser SSRF Policy Bypass via Interaction-Triggered Navigation. Browser interactions could trigger navigations that bypassed the normal SSRF navigation checks. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a...

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the media download process. An attacker can access internal network resources by sending crafted requests to the affected media fetch endpoints...

OpenClaw `node.invoke(browser.proxy)` bypasses `browser.request` persistent profile-mutation guard

Impact OpenClaw node.invokebrowser.proxy bypasses browser.request persistent profile-mutation guard. node.invokebrowser.proxy could mutate persistent browser profiles through a path that bypassed the browser.request guard. OpenClaw is a user-controlled local assistant. This advisory is scoped to...

CVE-2026-39974

n8n-MCP is a Model Context Protocol MCP server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to iss...

CVE-2026-39974

n8n-MCP is a Model Context Protocol MCP server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to iss...

CVE-2026-39974

CVE-2026-39974 affects the n8n-mcp component (Model Context Protocol server). In multi-tenant HTTP mode, an authenticated caller with a valid AUTH_TOKEN can trigger SSRF to arbitrary URLs supplied via per-request headers (instance-URL headers). The server reflects HTTP responses back through JSON...

CVE-2026-34020

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3...

CVE-2026-34020

CVE-2026-34020 affects Apache OpenMeetings (versions 3.1.3 through 8.9.99). The REST login endpoint uses HTTP GET with username and password passed as query parameters, exposing credentials in server logs, browser history, and potentially network monitoring. The issue is mitigated by upgrading to...

CVE-2026-39843 Plane has a Server-Side Request Forgery (SSRF) in Favicon Fetching

Plane is an an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete which could lead to the same full read Server-Side Request Forgery when a normal html page contains a link tag with an href that redirects to a private IP address ...

CVE-2025-70810

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism...

CVE-2025-70811

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality...

CVE-2026-5440

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...