PT-2026-42375

Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes in github.com/gotenberg/gotenberg...

PT-2026-42060

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the import demo function accepting a user-supplied URL in the demo json file POST parameter and...

CVE-2026-44925

Cross-Site Request Forgery CSRF vulnerability in InfoScale v.9.1.3 Operations Manager VIOM allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge...

PT-2026-42078

Name of the Vulnerable Software and Affected Versions BLOGCHAT Chat System versions prior to 1.3.6.4 Description The BLOGCHAT Chat System plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs due to missing or incorrect nonce validation—a security token used to ensure...

CVE-2026-44925

Cross-Site Request Forgery CSRF vulnerability in InfoScale v.9.1.3 Operations Manager VIOM allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge...

WordPress plugin Sentence To SEO 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin Child Height Predictor by Ostheimer 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-42059

The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the create admin page function. This makes it possible for unauthenticated attacke...

CVE-2026-44925

Cross-Site Request Forgery CSRF vulnerability in InfoScale v.9.1.3 Operations Manager VIOM allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge...

PT-2026-42064

Name of the Vulnerable Software and Affected Versions Child Height Predictor by Ostheimer versions prior to 1.4 Description The plugin is susceptible to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a user into performing actions they did not intend to. This occurs because the...

PT-2026-42079

Name of the Vulnerable Software and Affected Versions JaviBola Custom Theme Test versions prior to 2.0.6 Description The JaviBola Custom Theme Test plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw, which occurs when a web application allows an attacker to induce a user to...

PT-2026-42149

Cross-Site request forgery CSRF vulnerability in Sitemio Information Technologies Trade Ltd. Co. WISECP allows Cross Site Request Forgery. This issue affects WISECP: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

PT-2026-42370

monetr: Server-side request forgery in Lunch Flow link creation and refresh in github.com/monetr/monetr...

PT-2026-42067

Name of the Vulnerable Software and Affected Versions Bigfishgames Syndicate versions prior to 1.3 Description The Bigfishgames Syndicate plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs because the bigfishgames syndicate submenu function lacks proper nonce...

CVE-2026-44925

CVE-2026-44925 describes a Cross-Site Request Forgery (CSRF) in InfoScale v.9.1.3 Operations Manager (VIOM). The vulnerability arises from an ability for an attacker to coerce an active VIOM session user into clicking a crafted HTML link, resulting in unintended modifications within the VIOM web ...

cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification ECDSA and...

CVE-2023-7345

Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. Attackers can...

EUVD-2026-30994

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand manageprojuseradd.php allow users having manageprojectthreshold access level manager by default to...

Server-side Request Forgery (SSRF)

Overview @angular/platform-server is an Angular - library for using Angular in Node.js Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the processing of absolute-form URLs in the server-side rendering engine. An attacker can redirect internal HTTP...

NPM: SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl

NPM: SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl vulnerability discovered by ? in WordPress Npm sillytavern versions = 1.17.0...