CVE-2026-34936 PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough and apassthrough in praisonai accept a caller-controlled apibase parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL schem...

CVE-2026-34936

Summary (CVE-2026-34936): PraisonAI prior to 4.5.90 allowed SSRF through passthrough/apassthrough by using a caller-controlled api_base that is concatenated with an endpoint and sent to httpx.Client.request() when a fallback path triggers an AttributeError. No URL scheme validation, private IP fi...

CVE-2026-34936 PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough and apassthrough in praisonai accept a caller-controlled apibase parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL schem...

CVE-2026-34787 Emlog: Local File Inclusion in plugin.php via unsanitized plugin parameter

Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion LFI vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a requireonce path without proper sanitization. If the CSRF token check can ...

CVE-2025-65114

A flaw was found in Apache Traffic Server. This vulnerability allows a remote attacker to perform request smuggling by sending malformed chunked messages. Request smuggling can lead to bypassing security controls and potentially unauthorized access to sensitive information or services. Mitigation...

CVE-2026-35468

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.historystore.historyindex.unwr...

CVE-2026-35468 nimiq/core-rs-albatross: Panic in history index request handlers when a full node runs without the history index

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.historystore.historyindex.unwr...

CVE-2026-35468

CVE-2026-35468 affects the Rust implementation nimiq/core-rs-albatross. Before version 1.3.0, two peer-facing consensus request handlers assume the history index is always available and call blockchain.history_store.history_index().unwrap() directly. HistoryStoreProxy::history_index() returns Non...

CVE-2026-35468 nimiq/core-rs-albatross: Panic in history index request handlers when a full node runs without the history index

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.historystore.historyindex.unwr...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the deleteFile function. An attacker can delete arbitrary files or directories on the server by sending specially crafted HTTP requests containing encoded path traversal sequences. PoC !/usr/bin/env bash Delete a...

Server-side Request Forgery (SSRF)

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadbytesfromurl function. An attacker can cause the server to make arbitrary HTTP or HTTPS requests to...

EUVD-2026-18792

Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist...

EUVD-2026-18823

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

CVE-2026-22662

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

CVE-2026-22664

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...

CVE-2026-22662 prompts.chat Blind SSRF via media-generate

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

CVE-2026-23469

A flaw was found in the Linux kernel's drm/imagination driver. This vulnerability arises from a race condition where the runtime Power Management PM suspend callback does not wait for the Interrupt Request IRQ handler to complete before suspending the Graphics Processing Unit GPU. This timing iss...

EUVD-2026-18782

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix cacherequest leak in cacherelease When a reader's file descriptor is closed while in the middle of reading a cacherequest rp-offset != 0, cacherelease decrements the request's readers count but never checks whether it...

GHSA-245V-P8FJ-VWM2 Juju has a resource poisoning vulnerability

Summary Any authenticated user, machine or controller under a Juju controller can modify the resources of an application within the entire controller. This one is very straightforward to just read in the code: Step 1: The authorisation mechanism for the resource handler is defined here. One is on...

CVE-2026-23470

A flaw was found in the Linux kernel's drm/imagination driver. A local attacker could potentially trigger a deadlock condition during the soft reset sequence. This occurs because the soft reset sequence, when executed from a threaded Interrupt Request IRQ handler, attempts to disable IRQs while...