16 matches found
CVE-2026-44232
dssrf is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks. Prior to 1.3.0, every IPv6 address category bypasses isurlsafe. This vulnerability is fixed in 1.3.0...
CVE-2026-42260 Open-WebSearch: SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname`
Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for agent web search and content retrieval. Prior to 2.1.7, isPublicHttpUrl / assertPublicHttpUrl in src/utils/urlSafety.ts do not recognize bracketed IPv6 literals and do not resolve DNS, which combine to allow non-blind SSRF wit...
Incomplete Filtering of Special Elements
Overview: dssrf is an SSRF defense library for Node.js with safe URL validation utilities. Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements via the isurlsafe function. An attacker can access internal network resources by supplying specially crafted IPv6...
CVE-2026-41060
Summary: CVE-2026-41060 affects WWBN AVideo (versions 29.0 and below). The function isSSRFSafeURL() in objects/functions.php contains a same-domain short-circuit (lines 4290-4296) that compares only the hostname to webSiteRootURL and ignores the port, allowing an attacker to reach arbitrary ports on t...
CVE-2026-34590 Postiz: SSRF via Webhook Creation Endpoint Missing URL Safety Validation
Postiz is an AI social media scheduling tool. Prior to version 2.21.4, the POST /webhooks/ endpoint for creating webhooks uses WebhooksDto which validates the url field with only @IsUrl format check, missing the @IsSafeWebhookUrl validator that blocks internal/private network addresses. The updat...
CVE-2026-34590
Postiz (AI social media scheduling tool) contains a vulnerability in the POST /webhooks/ endpoint prior to v2.21.4, where WebhooksDto validates the url with only @IsUrl() (format check) and lacks @IsSafeWebhookUrl, allowing blind SSRF because the orchestrator fetches the stored webhook URL withou...
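The dssrf, Open-WebSearch, AVideo and Postiz entries above share one failure pattern: the URL gate looks only at dotted-quad hostnames (so any IPv6 literal, bracketed or IPv4-mapped, walks through), never resolves names, or takes a same-site shortcut on the bare hostname and forgets the port. The block below is an added example and not code from any of those projects. It puts a constructed naive filter beside a hardened one that strips the brackets the WHATWG URL parser keeps on IPv6 hostnames, classifies every IPv6 category (judging the IPv4-mapped, IPv4-compatible and NAT64 forms by the IPv4 address embedded in their low 32 bits), refuses plain hostnames until they have been resolved, and performs the same-site shortcut on the full origin so a different port on the same host is not "self". All function names (naiveIsUrlSafe, urlVerdict, addressVerdict, expandIpv6, ipv6Category) and the verdict strings are this example's own inventions.

```javascript
// Naive filter of the kind the advisories describe (constructed stand-in, not any
// project's real code): it knows dotted-quad private ranges and "localhost" only.
function naiveIsUrlSafe(rawUrl) {
  const host = new URL(rawUrl).hostname;
  return !(host === 'localhost' || /^127\./.test(host) || /^10\./.test(host) ||
    /^192\.168\./.test(host) || /^172\.(1[6-9]|2\d|3[01])\./.test(host) ||
    /^169\.254\./.test(host));
}

function parseIpv4(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const b = m.slice(1).map(Number);
  return b.some((x) => x > 255) ? null : b;
}

// "this network", loopback, RFC 1918, CGNAT, link-local, multicast and reserved.
function ipv4IsInternal([a, b]) {
  return a === 0 || a === 10 || a === 127 || (a === 100 && b >= 64 && b <= 127) ||
    (a === 169 && b === 254) || (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) || a >= 224;
}

function ipKind(host) {
  if (parseIpv4(host)) return 4;
  return host.includes(':') && /^[0-9a-f:.]+$/i.test(host) ? 6 : 0;
}

// Expand a bracket-free IPv6 literal (optionally with a dotted IPv4 tail such as
// ::ffff:127.0.0.1) into eight 16-bit groups; null if malformed.
function expandIpv6(lit) {
  let s = lit;
  const cut = s.lastIndexOf(':');
  if (s.slice(cut + 1).includes('.')) {
    const v4 = parseIpv4(s.slice(cut + 1));
    if (!v4) return null;
    const hi = ((v4[0] << 8) | v4[1]).toString(16);
    const lo = ((v4[2] << 8) | v4[3]).toString(16);
    s = `${s.slice(0, cut + 1)}${hi}:${lo}`;
  }
  const halves = s.split('::');
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(':') : [];
  const tail = halves[1] ? halves[1].split(':') : [];
  const fill = halves.length === 2 ? 8 - head.length - tail.length : 0;
  if (halves.length === 2 && fill < 1) return null;
  const groups = [...head, ...new Array(fill).fill('0'), ...tail];
  if (groups.length !== 8 || !groups.every((g) => /^[0-9a-f]{1,4}$/i.test(g))) return null;
  return groups.map((g) => parseInt(g, 16));
}

// Every IPv6 category a URL filter has to know; only "global" may be fetched, and the
// embedded-IPv4 forms are judged by the IPv4 address they carry in the last 32 bits.
function ipv6Category(g) {
  const zero = (n) => g.slice(0, n).every((x) => x === 0);
  if (zero(8)) return 'unspecified';
  if (zero(7) && g[7] === 1) return 'loopback';
  if (zero(5) && g[5] === 0xffff) return 'ipv4-mapped';
  if (zero(6)) return 'ipv4-compatible';
  if (g[0] === 0x64 && g[1] === 0xff9b && g.slice(2, 6).every((x) => x === 0)) return 'nat64';
  if ((g[0] & 0xffc0) === 0xfe80) return 'link-local';
  if ((g[0] & 0xfe00) === 0xfc00) return 'unique-local';
  if (g[0] === 0x2002 || (g[0] === 0x2001 && g[1] === 0)) return 'tunnel'; // 6to4, Teredo
  if ((g[0] & 0xff00) === 0xff00) return 'multicast';
  return 'global';
}

// Verdict for one literal address. Call this on every A/AAAA record after resolving
// a hostname, then connect to exactly the address that passed (not to the name again).
function addressVerdict(addr) {
  const kind = ipKind(addr);
  if (kind === 4) return ipv4IsInternal(parseIpv4(addr)) ? 'deny:ipv4-internal' : 'allow';
  if (kind !== 6) return 'deny:not-an-ip';
  const g = expandIpv6(addr);
  if (!g) return 'deny:malformed-ipv6';
  const cat = ipv6Category(g);
  if (cat === 'global') return 'allow';
  if (cat === 'ipv4-mapped' || cat === 'ipv4-compatible' || cat === 'nat64') {
    const v4 = [g[6] >> 8, g[6] & 0xff, g[7] >> 8, g[7] & 0xff];
    return ipv4IsInternal(v4) ? `deny:${cat}-internal` : 'allow';
  }
  return `deny:${cat}`;
}

// Hardened gate: 'allow', 'deny:<reason>', or 'resolve' for a hostname that must be
// resolved and have each resulting address checked with addressVerdict().
function urlVerdict(rawUrl, opts = {}) {
  let u;
  try { u = new URL(rawUrl); } catch { return 'deny:unparseable'; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return 'deny:scheme';
  if (u.username || u.password) return 'deny:credentials';
  // Same-site shortcut on the whole origin (scheme, host AND port), not the hostname.
  if (opts.selfOrigin && u.origin === new URL(opts.selfOrigin).origin) return 'allow';
  const host = u.hostname.replace(/^\[(.*)\]$/, '$1'); // the URL parser keeps the brackets
  if (host === 'localhost' || host.endsWith('.localhost')) return 'deny:localhost';
  return ipKind(host) ? addressVerdict(host) : 'resolve';
}
```

Two things the block deliberately leaves to the caller. A 'resolve' verdict means DNS has to be consulted and every returned address run through addressVerdict(); the fetch must then go to the address that passed, not to the name again, or a second lookup can answer with an internal address. And a redirect is a new URL, so the gate has to run again on each Location header before following it.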
EUVD-2017-0026
Malware in sbrugna...
EUVD-2024-33145
Malicious code in bioql PyPI...
CVE-2024-10474
Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks. This vulnerability affects Focus for iOS 132...
CVE-2024-10474
The CVE-2024-10474 entry concerns Mozilla Focus for iOS (pre-132). The issue is that internal links could use the app scheme for deeplinking, potentially bypassing URL safety checks and enabling link spoofing. Connected sources confirm Focus for iOS
Security Vulnerabilities fixed in Focus for iOS 132 — Mozilla
Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks...
comune.samatzai.ca.it Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1160005. Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
Scan QR Codes Safely with the Trend Micro QR Scanner
Using your camera and a QR code scanner on your mobile device, it’s easy to scan a code to download an app or go to a website—a bit too easy, some might say. What if the QR code is for a malicious app, or takes you to a dangerous website? How would you know before it’s too late? Trend Micro’s fre...
sirofima.ru XSS vulnerability
Open Bug Bounty ID: OBB-591203. Affected Website: sirofima.ru. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
filter-technics.be XSS vulnerability
Vulnerable URL: http://www.filter-technics.be/site/error.php?url=http%3A%2F%2Fwww.filter-technics.be%2Ffr%2Fadressess-37.htm=--!"...