We are excited to announce the release of Vulnerability-Lookup 4.6.0!
This version brings more transparency, new data sources, API improvements, notable UI enhancements, and several performance and stability fixes.

What's New

VLAI model transparency

The VLAI badge popover now surfaces the exact model name and revision used for a given analysis, with direct links to the HuggingFace model card and the revision commit. This is particularly useful as we regularly update our AI models and publish new versions on HuggingFace, making it easy to track exactly which model version produced a given result.

Moksha feeder

A new feeder for Moksha has been added, mirroring the indexing pattern used by the cvelistv5 source. Because Moksha is accessible over Tor, the feeder requires a local Tor instance and is disabled by default.

KEV catalog on the homepage and search results

The latest entries from CISA's Known Exploited Vulnerabilities (KEV) catalog are now displayed directly on the homepage. KEV catalog badges also appear on the search results page, giving you an immediate signal when a vulnerability is actively exploited in the wild.

Improved CSAF advisory display

CSAF advisories now show a structured per-status product table derived from the product_tree, and the /recent page loads only the selected source with its own pagination — making it faster to browse recent activity.

API additions

• A new with_meta parameter on the vulnerabilities list endpoint lets consumers fetch enriched metadata in a single call.
• Optional, tier-aware rate limits can now be applied to vulnerability read endpoints.
• A machine-readable access policy endpoint is available for automated consumers.

Changes

• Performance improvements — Hot read endpoints are now cached with a Redis backend, full-text index writes are batched, and homepage sighting statistics are computed via a dedicated aggregated endpoint. These changes significantly reduce load under traffic spikes.
• Homepage and template updates — The home page displays more information at a glance; the sources list on the About page is now in a collapsible accordion; Moksha is available in the /recent source menu.
• ML-Gateway — The gateway response now includes the model name and revision, which are forwarded by the API (project page).
• Dependencies — Python dependencies have been updated.

Fixes

This release includes a number of stability and correctness fixes: rate-limiter accuracy improvements (correct client IP resolution, dedicated Redis backend), Flask-Caching Redis pool reliability under gunicorn/gevent, EPSS badges on search results, timezone-aware timestamps for comments and bundles, restricted comment editing to authorized users only, and several minor UI and template corrections.

Changelog

📂 For the full list of changes, check the GitHub release:
github.com/vulnerability-looku…

🙏 A big thank you to all contributors and testers!

Feedback and Support

If you find any issues or have suggestions, please open a ticket on our GitHub repository:
github.com/vulnerability-looku…
We appreciate your feedback!

Follow Us on Fediverse/Mastodon

Stay updated on security advisories in real-time by following us on Mastodon:
social.circl.lu/@vulnerability…

I've been offline for a while, so didn't see this originally, but I randomly came across things that seem to be in reaction to this now-removed post.
I fetched the body of the post from the modlog - I'll avoid reposting it here, but wish to respond to the concern that's the "first big one".

Let's imagine that your instance had a minor outage. During that time, a remote user has made a post that their instance is trying to make you aware of by POSTing it to your inbox. It possibly retries a few times, but eventually it gives up.
Now you're online again, and you're receiving Likes and Replies to a post you don't have. Or maybe one of your users has noticed it's missing, so plugged it into the Search box.
What happens now? Well, if your instance is running Lemmy, it fetches it from the original source. This is normal and expected behaviour, and it just a plain old boring GET request.
If - for example - the post was https://lemmy.ml/post/47524469, then you never received a signed Create from https://lemmy.ml/u/yogthos, or a signed Announce from https://lemmy.ml/c/programmerhumor - there's no cryptographic verification at all, but you've asked an instance about activity from one of its own actors, and if you don't trust what it's saying, then you've got much bigger problems.

This isn't any different from what PieFed was doing (as part of its inter-op with PeerTube).
PeerTube has a different federation model than Lemmy. Video channels are like communities in many respects, but if it receives a reply from a remote user to a local video, then instead of sending out signed Announce by the channel (as Lemmy would do), it just resends the original Create out to its followers, but signed by the instance's "Application" actor instead. This meant that these replies were failing signature verification checks, because the 'actor' in the ActivityPub JSON (something like https://example.social/user/alice) was different that the actor who signed the POST (something like https://tinkerbetter.tube/accounts/peertube).
If you wanted to do it 'properly', then first you'd have to have a way of storing Application actors in your database, then you'd have to dig into the request header and get the Signature keyID, and then once that verified, you'd want to make sure that the instance does indeed host the appropriate community. Alternatively, you can think "bollocks to that", and just fetch the content from https://example.social/ instead.

There seemed to be some concern that an attacker could set up evil.com and send an unsigned POST to a PieFed instance saying that https://evil.com/user/alice has made a post to https://evil.com/post/1 and instead of rejected it as unsigned, PieFed would fetch https://evil.com/post/1.
Well ... yeah? If you own evil.com, then you have all the keys for your users, so nothing is stopping you sending posts that are signed by them (it's not like users know their own private keys). As such, whatever you might want to return from a GET request to https://evil.com/post/1 is exactly what you could put in a signed POST request from https://evil.com/user/alice anyway. If you're a malicious user with their own server, then you can pollute the fediverse as much as you like, until you get defederated of course, but the relevant bit of PieFed code wasn't making it any easier for such people.

I was thinking a bit about the bugs I found in the Piefed codebase yesterday. And these led to an emergency fix by the dev that's now been implemented. codeberg.org/rimu/pyfedi/commi…

And what the real takeaway for me here is that the whole dynamic of how we approach security has now changed in ways most people don't appreciate.

It used to take a lot of effort to find exploits in software projects because you’d have to spend a long time to familiarize yourself with the codebase, then comb through the code looking for mistakes that could be exploited. And to even do that, you'd need a good understanding of the protocols and specifications used by the application.

You basically had to be a domain expert with a deep understanding of how the application works. A random person looking at the source code would have little chance of finding any non trivial problems or figuring out how to actually exploit them.

And in that world, doing a private disclosure made a lot of sense because you did a lot of hard work to find it, and it wasn’t easy for somebody to replicate. This was valuable and dangerous knowledge that had to be communicated in a responsible fashion.

But now, anybody can throw an LLM at the code and it’ll sniff out vulnerabilities and even explain step by step how to exploit these security holes. So, the information itself isn’t really that valuable anymore. If I can throw an LLM at the code and find these problems in a few minutes, anybody else can do the same thing too.

I'm not a Python developer, I don't have any deep knowledge of the Python stack used in Piefed, and on my own, I'd have zero chance of finding these exploits. But once the LLM identifies them, it's very easy for me to verify that they are indeed real exploits, and to realize how they can be used maliciously.

The attacker doesn't even need to have any deep knowledge of programming because the LLM can guide them through the exploit step by step.

Open source projects are particularly vulnerable here since anybody can just grab the source and throw an LLM at it to see if it can find exploits.

I'd argue that raising awareness that this is now the state of things is really important, and I would suggest that running an LLM against the code is minimal due diligence at this point.

Obviously, the LLM vulnerability check is not exhaustive, and if it doesn't find anything that doesn't mean there aren't exploits in the code. But anything it does find should absolutely be checked by the developers.

People should be aware that we're now living in the world where the bar for finding vulnerabilities is far lower than it used to be. And that means security must be taken far more seriously.

First big one is app/activitypub/routes.py where a signature verification fail fall back code fetches the remote object without any cryptographic verification, then just trusts it allowing an attacker to send unsigned Create activities and have them processed as legitimate.

When a remote ActivityPub server sends a Create or Update activity to piefed's shared inbox, the verification logic at routes.py attempts two cryptographic checks. It starts with checking HTTP signature, then a Linked Data signature, and if both fail, instead of rejecting the activity, the code checks whether the inner object is a JSON dict with an id field, and if so, reduces it to just a URI string and lets it proceed with Actor found status. Later, process_inbox_request sees the object is a bare string and calls verify_object_from_source(), which fetches the object from the remote URL performing no cryptographic verification at all. The only check it makes is that the object's domain matches the actor's domain, which the attacker controls!

So, if an attacker stands up a server at evil.com and sends an unsigned Create activity to the victim's inbox with actor: "https://evil.com/user/alice" and object: {"id": "https://evil.com/post/1", "type": "Note", ...}. Both signature checks fail because the attacker never possessed any valid key. But since the object is a dict with an id, it gets reduced to just "https://evil.com/post/1" and the activity passes through. Later, verify_object_from_source fetches evil.com/post/1 which the attacker's server responds to with whatever JSON payload they want like spam, phishing links, hate speech, CSAM and processes it as a legitimate federated post attributed to the attacker's actor. The attacker can do this repeatedly from any domain they control, impersonating any actor, with no key infrastructure whatsoever.

This completely bypasses the identity model of the fediverse. Any domain can inject content into the server's database that appears to come from a legitimate federated user, bypassing all moderation at the source-server level. The attacker needs no key and no prior presence on the network, or even any relationship with the target instance. They just need the ability to send an HTTP POST to the inbox endpoint.

Another second critical vulnerability is a systemic SSRF across the entire outbound HTTP layer.

The get_request() at utils.py is the single HTTP client function used by every federation code path across activitypub/actor.py, activitypub/util.py, and activitypub/signature.py. It receives a URL and calls httpx_client.get(uri, follow_redirects=True) with zero validation of where that URL points. The URLs come from untrusted remote ActivityPub JSON objects such as actor profiles, post objects, webfinger responses, community metadata, image references, and nothing checks whether the hostname resolves to a private, loopback, link-local, or some cloud-metadata IP address.

The most direct entry point is fetch_actor_from_webfinger() at actor.py. When a user searches for a remote actor like @attacker@evil.com, piefed calls get_request(f"https://evil.com/.well-known/webfinger"). The attacker's server responds with a webfinger JSON that returns a self link pointing to 169.254.169.254/latest/meta-da… Piefed follows that link at line 211, and the response body, which is say cloud credentials, flows into the actor creation pipeline and gets logged and stored in the database. The same pattern repeats everywhere with verify_object_from_source() fetching object URIs from untrusted actors, 1refresh_user_profile_task()downloading avatar/header images from URLs embedded in remote actor data,save_og_image()` downloading OpenGraph images from any URL a user posts, instance polling fetching {protocol}://{instance.domain} for every federated instance.

Since httpx.get() with follow_redirects=True will follow HTTP redirects, an attacker can even serve a legitimate-looking URL like evil.com/avatar.png that 302-redirects to 127.0.0.1:6379/ or internal admin panels. There is no DNS rebinding protection, no IP allowlist, no protocol restriction to HTTPS, and no redirect chain inspection.

What this means is that an attacker can register a domain running a malicious ActivityPub server, and send a Follow activity to the victim server. The victim fetches the attacker's actor profile, which contains icon.url = "http://127.0.0.1:6379/". The application process connects to its own local Redis instance, which returns a plaintext error like NOAUTH Authentication required. That response is written to disk as the actor's avatar image, and the error message confirms Redis is present and unauthenticated, and it very much is unauthenticated. The attacker then sends a second activity with an icon.url pointing to 127.0.0.1:5432/, probing PostgreSQL, or 127.0.0.1:8080/admin/ to fingerprint internal dashboards. Each response is persisted to the filesystem where the attacker can eventually retrieve it, mapping out the internal network one federated request at a time.

The implications are that the federation protocol itself becomes a port-scanning and data-exfiltration channel. Every remote ActivityPub server the instance talks to can force it to make arbitrary HTTP requests to any address reachable from the piefed host, with the response data potentially persisted to disk or logged. Combined with the unsigned activity processing, an attacker doesn't even need a real server, they can just POST to /inbox.

And these are just a couple of egregious examples, there are plenty of terrible things like hardcoded default SECRET_KEY fallback used to forge sessions and JWT password reset tokens for any account, command injection vulnerabilities with os.system() calls, and so on.

Please update your Firefox to 150.0.3.

Details why: mozilla.org/en-US/security/adv…

Step-by-step instructions:
* open your Firefox application
* choose/click menu "Firefox"
* choose/click menu item "About Firefox"

If it says:
✓ Firefox is up to date
then you’re all set.

If there is a button that says:
( Check for updates )
then click that.

Or you may see it automatically download an update and see:
* Downloading update — nn.n of nnn MB
* Applying update…

If you see a button that says:
( ↻ Restart to Update Firefox )
then click that!

Aside: #pwn2own is TOMORROW and they hit capacity for the first time in their 19-year history.

hackread.com/pwn2own-berlin-20…

Today’s a good day to get/install OS and browser updates on all your critical devices.

Consider turning off wifi on non-critical devices (putting to sleep is no longer enough because many devices still listen to or contact the internet while asleep) until you have had a chance to safely update their software (perhaps after software updates are available in response to pwn2own demos and disclosures).

#Mozilla #Firefox #browser #cyberSecurity #cyber #security

Introduction

This vulnerability report has been generated with the help of AI, using the
VulnMCP tooling on top of
Vulnerability-Lookup,
with contributions from the platform's community.

It highlights the most frequently mentioned vulnerabilities for April 2026, based on data
aggregated from Vulnerability-Lookup, the
CISA Known Exploited Vulnerabilities
catalog, the CIRCL KEV catalog, the
ENISA EUVD feed, and contributor comments and bundles.
Sightings come from MISP, Exploit-DB, Bluesky,
Mastodon, Telegram, GitHub Gists,
The Shadowserver Foundation,
Nuclei,
SPLOITUS, Metasploit,
and more.
For further details, please visit this page.

The Month at a Glance

April 2026 was dominated by a Linux kernel crypto subsystem flaw, CVE-2026-31431 ("Copy Fail"), an algif_aead in-place operation regression that drew 279 sightings -- by far the highest activity of the month. Local privilege escalation against shared multi-user Linux hosts and container infrastructure (including Microsoft WSL) was confirmed in the wild, and CISA added the entry to its KEV catalog on May 1.

Edge-security appliances and developer tooling shaped the rest of the top ranking. Fortinet FortiClient EMS (improper access control, CVSS 9.1) was added to both the CISA and CIRCL KEV catalogs on April 6, and a related FortiClient EMS SQLi -- CVE-2026-21643 -- was KEV-listed on April 13. Adobe Acrobat Reader prototype-pollution CVE-2026-34621 and GitHub Enterprise Server git-push option injection CVE-2026-3854 both crossed 140 sightings, while Apache ActiveMQ CVE-2026-34197 (Jolokia/Spring code injection) followed closely.

A burst of "AI-stack" exposure also marked the month: marimo (pre-auth RCE via an unauthenticated terminal WebSocket) was added to KEV on April 23, and Meta React Server Components CVE-2025-55182 (KEV since December 2025, known ransomware use) continued to rack up sightings as scanning persisted.

The end of the month brought a critical hosting-stack incident: WebPros cPanel & WHM CVE-2026-41940, an authentication bypass in the login flow (CVSS 9.8), was disclosed on April 28-29 and added to CISA KEV on April 30 with a 3-day remediation deadline.

The CISA Known Exploited Vulnerabilities catalog added 30 entries during April. Highlights:

• CVE-2026-41940: WebPros cPanel & WHM authentication bypass
• CVE-2026-39987: marimo pre-auth RCE
• CVE-2026-34197: Apache ActiveMQ code injection via Jolokia
• CVE-2026-35616: Fortinet FortiClient EMS improper access control
• CVE-2026-34621: Adobe Acrobat & Reader prototype pollution
• CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) RCE
• CVE-2026-32201: Microsoft SharePoint Server spoofing
• CVE-2026-3502: TrueConf Client update integrity bypass
• CVE-2026-5281: Google Chrome / Dawn use-after-free

CISA also re-anchored attention on long-standing exploited issues -- ConnectWise ScreenConnect (CVE-2024-1708), SimpleHelp (CVE-2024-57726, CVE-2024-57728), Samsung MagicINFO (CVE-2024-7399), JetBrains TeamCity (CVE-2024-27199), PaperCut NG (CVE-2023-27351), Microsoft Exchange (CVE-2023-21529) and even legacy Microsoft Office issues from 2009/2012 (CVE-2009-0238, CVE-2012-1854).

The CIRCL Known Exploited Vulnerabilities catalog added one entry: CVE-2026-35616 (Fortinet FortiClient EMS), confirmed via incident-response evidence. The ENISA EUVD KEV catalog had no new entries in April.

Contributor activity in April focused on operational mitigations for the Linux kernel "Copy Fail" issue, with practical SELinux, systemd RestrictAddressFamilies, and initcall_blacklist recipes shared by community members.

Top 10 vulnerabilities of the Month

Known Exploited Vulnerabilities

New entries have been added to major Known Exploited Vulnerabilities catalogs.

CISA

More KEV entries from the CISA Catalog.

CIRCL

More KEV entries from the CIRCL Catalog.

ENISA (EUVD)

No new entry in April.

More KEV entries from the ENISA Catalog.

Insights from Contributors

Community members focused on operational mitigations for the Linux kernel "Copy Fail" issue, sharing concrete defensive recipes:

• Quick remediation for CVE-2026-31431 (algif_aead "Copy Fail") -- unloading the algif_aead kernel module, blacklisting via modprobe.d, and initcall_blacklist=algif_aead_init for kernels with the module compiled in.
• Microsoft WSL is also vulnerable to CVE-2026-31431 -- pointer to the Microsoft WSL issue tracker confirming impact on Windows hosts running WSL.
• Deny alg_socket to Containers with SELinux to Mitigate CVE-2026-31431 -- end-to-end SELinux deny-rule walk-through plus systemd-run -p RestrictAddressFamilies=~AF_ALG and SystemCallArchitectures=native mitigations for non-container services.

The recurring theme across these contributions: AF_ALG / algif_aead is rarely needed by user workloads, so disabling it at the kernel, container-runtime, or systemd-unit boundary is a pragmatic mitigation while distributions roll out the corrected kernel patches.

Thank you

Thank you to all the contributors and our diverse sources!

If you want to contribute to the next report, you can create your account.

Feedback and Support

If you have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us!
github.com/vulnerability-looku…

Funding

The main objective of Federated European Team for Threat Analysis (FETTA) is improvement of Cyber Threat Intelligence (CTI) products available to the public and private sector in Poland, Luxembourg, and the European Union as a whole.
Developing actionable CTI products (reports, indicators, etc) is a complex task and requires an in-depth understanding of the threat landscape and the ability to analyse and interpret large amounts of data. Many SOCs and CSIRTs build their capabilities in this area independently, leading to a fragmented approach and duplication of work.

The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven initiative designed to provide a systematic response facility to computer security threats and incidents. The organization brings to the table its extensive experience in cybersecurity incident management, threat intelligence, and proactive response strategies. With a strong background in developing innovative open source cybersecurity tools and solutions, CIRCL's contribution to the FETTA project is instrumental in achieving enhanced collaboration and intelligence sharing across Europe.

Press release