CVE-2026-21885

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy endpoint. An attacker can access internal network resources by crafting requests to internal addresses through authenticated sessions. PoC 1. Run Miniflux 2.2.15 with default configuration...

UBUNTU-CVE-2026-21885

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

CVE-2026-21885

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

CVE-2026-21885 Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

Miniflux 安全漏洞

Miniflux is a minimalist synopsis reader open-sourced by Miniflux. A security vulnerability exists in Miniflux 2 versions prior to 2.2.16, which stems from a media proxy endpoint that can be abused, potentially leading to server-side request forgery...

PT-2026-2121

Name of the Vulnerable Software and Affected Versions Miniflux versions prior to 2.2.16 Description Miniflux is an open source feed reader. Prior to version 2.2.16, the media proxy endpoint, GET /proxy/encodedDigest/encodedURL, can be exploited to perform Server-Side Request Forgery SSRF. An...

EUVD-2006-4507

Malware in sbrugna...

EUVD-2025-6621

Malicious code in bioql PyPI...

EUVD-2025-6622

Malicious code in bioql PyPI...

CVE-2025-58228

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShapedPlugin LLC Quick View for WooCommerce woo-quickview allows Stored XSS.This issue affects Quick View for WooCommerce: from n/a through = 2.2.16...

WordPress Quick View for WooCommerce Plugin <= 2.2.16 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Prissy in WordPress Plugin Quick View for WooCommerce versions = 2.2.16...

WordPress plugin Quick View for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-38457

Xenforo before 2.2.16 allows CSRF...

CVE-2025-1670

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

CVE-2025-1668

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpspDeleteUser function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access a...

CVE-2025-1670

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

CVE-2025-1670 School Management System – WPSchoolPress <= 2.2.16 - Authenticated (Parent+) SQL Injection

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

WordPress plugin WPSchoolPress SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin...

WordPress School Management System – WPSchoolPress plugin <= 2.2.16 - Authenticated (Parent+) SQL Injection vulnerability

Authenticated Parent+ SQL Injection vulnerability discovered by wesley wcraft in WordPress Plugin WPSchoolPress versions = 2.2.16...