GHSA-PR28-MF3Q-QPG6 Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget

Summary ApostropheCMS contains an authenticated server-side request forgery SSRF in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause the server to fetch attacker-controlled URLs during widget validation. For image-compatible responses,...

GHSA-7RX4-C5VX-G8W3 Karakeep SDK has SSRF via metascraper-logo-favicon that bypasses validateUrl protections

Summary The metascraper-logo-favicon plugin makes HTTP requests to URLs extracted from attacker-controlled HTML without going through the application's validateUrl SSRF protections. This allows any authenticated user to make the server fetch arbitrary internal URLs by bookmarking a page containin...

Karakeep SDK has SSRF via metascraper-logo-favicon that bypasses validateUrl protections

Summary The metascraper-logo-favicon plugin makes HTTP requests to URLs extracted from attacker-controlled HTML without going through the application's validateUrl SSRF protections. This allows any authenticated user to make the server fetch arbitrary internal URLs by bookmarking a page containin...

offsec-skills

offsec-exploit-research Elite adaptive whitebox exploit resea...

PT-2026-41172

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description A Server-Side Request Forgery SSRF bypass exists in the validate url function located in backend/open webui/retrieval/web/utils.py. The function calls validators.ipv6ip, private=True, but because...

PT-2026-41173

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description A Server-Side Request Forgery SSRF issue exists in the process picture url function within backend/open webui/utils/oauth.py. The function fetches URLs from OAuth picture claims without using the...

CVE-2026-44418

EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via strreplace without any sanitization, enabling SQL injection through query parameters th...

CVE-2026-44418 Incomplete fix for CVE-2026-35184: SQL Injection in phili67/ecclesiacrm

EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via strreplace without any sanitization, enabling SQL injection through query parameters th...

CVE-2026-44418

EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via strreplace without any sanitization, enabling SQL injection through query parameters th...

Incorrect Authorization

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Incorrect Authorization via the validateauthorizationrequest function. An attacker can cause the server to redirect users to arbitrary URLs by submitting a crafted...

EUVD-2026-29014

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

DEBIAN-CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the validateformat function. An attacker can execute arbitrary code or cause a denial of service by providing specially crafted input that triggers a stack-based buffer overflow. Remediation A fix was push...

CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

CVE-2026-8258 Squirrel sqstdstring.cpp validate_format stack-based overflow

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

PT-2026-39551

A flaw has been found in Squirrel up to 3.2. Impacted is the function validate format in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

SQUIRREL 缓冲区错误漏洞

SQUIRREL is a programming language developed by Alberto Demichelis. It is the stable version of SQUIRREL 3.2. Versions of SQUIRREL 3.2 and earlier had a buffer error vulnerability, which stemmed from a stack buffer overflow in the validateformat function within the sqstdlib/sqstdstring.cpp librar...

Unity Linux 20.1060e / 20.1070e Security Update: php (UTSA-2026-017575)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017575 advisory. In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filtervar function with FILTERVALIDATEURL...