CVE-2026-37235

FlexRIC v2.0.0 trusts the xapp_id field from E42 payloads without binding it to the sender’s SCTP association. The valid_xapp_id() check only ensures the value is within the assigned range, enabling a remote unauthenticated attacker to impersonate any xApp by supplying their xapp_id in requests t...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the idna.encode function when processing very large domain name inputs that exploit the validcontexto function before length validation. This is triggered by arbitrarily large inputs th...

GHSA-QWFW-GGXW-577C ex_webrtc client-role handshake is missing DTLS peer fingerprint validation

Summary Missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with...

CVE-2026-5504

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

GHSA-X2M8-53H4-6HCH OpenClaw: Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps

Summary Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps Current Maintainer Triage - Status: narrow - Assessment: Real in shipped v2026.3.28 Discord voice ingress, but impact is channel/member allowlist bypass rather than a broader critical aut...

CVE-2026-34590

Postiz is an AI social media scheduling tool. Prior to version 2.21.4, the POST /webhooks/ endpoint for creating webhooks uses WebhooksDto which validates the url field with only @IsUrl format check, missing the @IsSafeWebhookUrl validator that blocks internal/private network addresses. The updat...

EUVD-2026-17583

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this...

CVE-2026-32857

Firecrawl version 2.8.0 and prior contain a server-side request forgery SSRF protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attackers can supply an...

CVE-2025-14037

The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 1.2.6. This is due to missing validation and sanitization in the 'createManageFeedPage' function. This makes it possible for authenticated...

Meet Agent Val: Closing the Validation Gap in Exposure Management at Machine Speed with Agentic AI

Executive Summary The primary challenge in vulnerability management is proving what is actually exploitable. Many vulnerabilities are not exploited, but still drain resources. Traditional tools often fail to validate real risks. Agent Val, within Qualys Enterprise TruRisk Management, delivers thi...

Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS

kube-router Proxy Module Does Not Validate ExternalIPs or LoadBalancer IPs Against Configured Ranges Summary This issue primarily affects multi-tenant clusters where untrusted users are granted namespace-scoped permissions to create or modify Services. Single-tenant clusters or clusters where all...

PYSEC-2026-117

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...

CVE-2026-3644

A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

CVE-2026-30953

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL LinkRepository::create calls HtmlMeta::getFromUrl. The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...

PT-2026-24122

Name of the Vulnerable Software and Affected Versions Misskey versions 10.93.0 through 2026.3.0 Description Misskey is a federated social media platform. A flaw exists that allows importing data belonging to other users because of insufficient ownership validation. The potential impact is...

GHSA-595M-WC8G-6QGC WeKnora is Vulnerable to SSRF via Redirection

Summary The application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery SSRF through HTTP redirects. While the backend implements comprehensive URL validation blocking private IPs, loopback addresses, reserved hostnames, and cloud metadata endpoints, it fails to...

PT-2026-27225

Summary ZIP extraction in OpenClaw could be raced into writing outside the intended destination directory via parent-directory symlink rebind between validation and write. Affected Packages / Versions - Package: openclaw npm - Vulnerable versions: = 2026.3.1 - Latest published vulnerable version...

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

PYSEC-2025-89

NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell cashubtc/nuts before 0.18.0 do not validate the size of preimage when the token is spent. The preimage is stored by the mint and attacker can exploit this vulnerability to fill the mint's db nd disk with arbitrary da...

PT-2025-46543

Name of the Vulnerable Software and Affected Versions LOGO! 12/24RCE 6ED1052-1MD08-0BA2 affected versions not specified LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 affected versions not specified LOGO! 230RCE 6ED1052-1FB08-0BA2 affected versions not specified LOGO! 230RCEo 6ED1052-2FB08-0BA2 affected...