CVE-2026-12210 universal-tool-calling-protocol python-utcp utcp-gql/utcp-websocket server-side request forgery

A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may b...

CVE-2026-12210 universal-tool-calling-protocol python-utcp utcp-gql/utcp-websocket server-side request forgery

A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may b...

EUVD-2026-36684

A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may b...

PT-2026-49221

WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxe...

PT-2026-49328

Name of the Vulnerable Software and Affected Versions shlink version 5.0.1 Description A Server-Side Request Forgery SSRF exists in the automatic short URL title resolution component. This allows attackers to scan internal resources by providing a crafted longUrl variable. Recommendations At the...

PT-2026-49346

Name of the Vulnerable Software and Affected Versions LobeHub versions prior to 2.1.57 Description An unauthenticated Server-Side Request Forgery SSRF exists in the '/webapi/proxy' endpoint. The route handler in src/app/backend/webapi/proxy/route.ts fails to implement the checkAuth function, whic...

PT-2026-49212

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via lzcs...

PT-2026-49348

Administrator Server Side Request Forgery SSRF in PopAd = 1.0.4 versions...

PT-2026-49205

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...

CVE-2026-50888

The CVE-2026-50888 entry concerns an authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0. The underlying issue allows an authenticated attacker to cause the application to fetch internal resources by supplying a crafted ...

CVE-2026-50887

The provided documents confirm a Server-Side Request Forgery (SSRF) vulnerability in shlink v5.0.1. The flaw resides in the automatic short URL title resolution component and is exploitable by supplying a crafted longUrl, enabling an attacker to scan internal resources. No concrete remediation de...

PT-2026-49329

Name of the Vulnerable Software and Affected Versions Benjamin Jonard Koillection version 1.8.0 Description An authenticated Server-Side Request Forgery SSRF exists in the custom scraper subsystem component. This allows attackers to scan internal resources by supplying a crafted URL. SSRF is a fl...

CVE-2026-50888

An authenticated Server-Side Request Forgery SSRF in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL...

PT-2026-49172

A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may b...

PT-2026-49497

Unauthenticated Cross Site Request Forgery CSRF in WP Migrate Lite = 2.7.8 versions...

Exploit for Cross-Site Request Forgery (CSRF) in Jupyter Jupyterhub

CVE-2026-40864 — JupyterHub XSRF bypass via cross-origin form...

SUSE CVE-2026-34181

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

SUSE CVE-2026-45445

Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

SUSE CVE-2026-45446

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

CVE-2026-48119

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12...