Lucene search
K

90466 matches found

NVD
NVD
added 3 hours ago5 views

CVE-2026-61503

Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint depending on whether the submitted username exists. A remote unauthenticated attacker can use this to confirm valid account names, including the default admin account, facilitating password-guessing and...

6.9CVSS
Exploits0References2
NVD
NVD
added 3 hours ago4 views

CVE-2026-61500

Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's...

9.8CVSS
Exploits0References2
CVE
CVE
added 4 hours ago6 views

CVE-2026-61503

Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint depending on whether the submitted username exists. A remote unauthenticated attacker can use this to confirm valid account names, including the default admin account, facilitating password-guessing and...

6.9CVSS6.1AI score
Exploits0References2
CVE
CVE
added 4 hours ago6 views

CVE-2026-61502

Rejetto HFS 3.0.0 through 3.2.0 accepts state-changing API requests via the GET method and exempts GET requests from its anti-CSRF header check. A remote attacker can perform administrative actions including account creation and configuration changes leading to code execution - by causing a...

5.1CVSS6.4AI score
Exploits0References2
CVE
CVE
added 4 hours ago6 views

CVE-2026-61500

Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's...

9.8CVSS6.5AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 9 hours ago8 views

Security Bulletin: Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2026-10845, CVE-2026-8646, CVE-2026-9320, CVE-2026-9071 and CVE-2026-9006)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about multiple vulnerabilities affecting WebSphere Application Server have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in...

9.1CVSS5.5AI score0.00338EPSS
Exploits0Affected Software1
NVD
NVD
added 11 hours ago5 views

CVE-2026-61970

Server-Side Request Forgery SSRF vulnerability in Themeisle Auto Featured Image Auto Post Thumbnail auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image Auto Post Thumbnail: from n/a through = 5.0.4...

4.9CVSS
Exploits0References1
NVD
NVD
added 11 hours ago5 views

CVE-2026-57786

Cross-Site Request Forgery CSRF vulnerability in purethemes WorkScout-Core workscout-core allows Authentication Bypass.This issue affects WorkScout-Core: from n/a through = 1.7.08...

8.8CVSS
Exploits0References1
NVD
NVD
added 11 hours ago4 views

CVE-2026-57413

Server-Side Request Forgery SSRF vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.This issue affects Instant Image Generator: from n/a through = 2.1.4...

6.4CVSS
Exploits0References1
NVD
NVD
added 11 hours ago4 views

CVE-2026-57407

Server-Side Request Forgery SSRF vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n/a through = 1.6.2...

7.2CVSS
Exploits0References1
NVD
NVD
added 11 hours ago3 views

CVE-2026-57372

Server-Side Request Forgery SSRF vulnerability in denishua WPJAM Basic wpjam-basic allows Server Side Request Forgery.This issue affects WPJAM Basic: from n/a through = 7.0...

7.2CVSS
Exploits0References1
NVD
NVD
added 11 hours ago4 views

CVE-2026-49876

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

6.5CVSS
Exploits0References2
EUVD
EUVD
added 12 hours ago5 views

EUVD-2026-43306

A Server-Side Request Forgery SSRF protection bypass existed in the htmltomarkdown expansion module of misp-modules. The module attempts to prevent requests to loopback, private, link-local, and other restricted IP address ranges. However, IP addresses were compared against the blocked ranges...

8.3CVSS6.1AI score
Exploits0References2
NVD
NVD
added 12 hours ago4 views

CVE-2026-62143

A Server-Side Request Forgery SSRF protection bypass existed in the htmltomarkdown expansion module of misp-modules. The module attempts to prevent requests to loopback, private, link-local, and other restricted IP address ranges. However, IP addresses were compared against the blocked ranges...

8.3CVSS
Exploits0References1
Cvelist
Cvelist
added 13 hours ago5 views

CVE-2026-49876 Apache Gravitino: Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

Exploits0References1
CVE
CVE
added 13 hours ago7 views

CVE-2026-61970

The CVE-2026-61970 entry concerns a Server-Side Request Forgery (SSRF) in the Themeisle Auto Featured Image (Auto Post Thumbnail) WordPress plugin. Affected versions are <= 5.0.4 (reported as from n/a through

4.9CVSS6.1AI score
Exploits0References1
CVE
CVE
added 13 hours ago8 views

CVE-2026-61956

The CVE-2026-61956 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin sync-basalam (ووسلام – همگام سازی ووکامرس و باسلام) up to version 1.9.1. Affected component: the plugin’s CSRF handling exposes an attack surface enabling unauthorized actions initiated by...

7.1CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 13 hours ago6 views

CVE-2026-57786 WordPress WorkScout-Core plugin <= 1.7.08 - Cross Site Request Forgery (CSRF) to Broken Authentication vulnerability

Cross-Site Request Forgery CSRF vulnerability in purethemes WorkScout-Core workscout-core allows Authentication Bypass.This issue affects WorkScout-Core: from n/a through = 1.7.08...

8.8CVSS
Exploits0References1
Cvelist
Cvelist
added 13 hours ago6 views

CVE-2026-61970 WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 5.0.4 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Themeisle Auto Featured Image Auto Post Thumbnail auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image Auto Post Thumbnail: from n/a through = 5.0.4...

4.9CVSS
Exploits0References1
Cvelist
Cvelist
added 13 hours ago5 views

CVE-2026-61956 WordPress ووسلام – همگام سازی ووکامرس و باسلام plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in hamsalam ووسلام همگام سازی ووکامرس و باسلام sync-basalam allows Cross Site Request Forgery.This issue affects ووسلام همگام سازی ووکامرس و باسلام: from n/a through = 1.9.1...

7.1CVSS
Exploits0References1
Rows per page
Query Builder