5 matches found
CVE-2026-22245 Mastodon has SSRF Protection bypass
Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses (unless specified in `ALLOWED_PRIVATE_ADDRESSES`) to...
EUVD-2025-3761
Malicious code in bioql PyPI...
Joomla! 4.x < 4.4.11 SQL injection
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.x prior to 4.4.11 or 5.x prior to 5.2.4. It is, therefore, affected by a SQL injection vulnerability in the backend task list of com_scheduler due to improperly built order clauses. Note that the...
MongoDB DoS Vulnerability (SERVER-58203, SERVER-59299, SERVER-60218) - Linux
MongoDB is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if...
Updated bugzilla packages fix security vulnerability
Login names (usually an email address) longer than 127 characters are silently truncated in MySQL which could cause the domain name of the email address to be corrupted. An attacker could use this vulnerability to create an account with an email address different from the one originally requested...