89709 matches found
CVE-2026-42286 Emlog: Cross-Site Request Forgery in Admin Functions
Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...
CVE-2026-42193
Plunk (open-source email platform built on AWS SES) fixes a prior vulnerability: before v0.9.0, /webhooks/sns accepted unauthenticated SNS payloads without signature/cert/topic ARN verification, enabling forged webhook requests. Attackers could spoof SNS events to trigger automations, unsubscribe...
EUVD-2026-28832
Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...
CVE-2026-42193 Plunk: SNS webhook forgery
Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...
CVE-2026-42193 Plunk: SNS webhook forgery
Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...
CVE-2026-44694
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client N8NAPIURL, a...
CVE-2026-42190
RedwoodSDK (rwsdk) server actions from version 1.0.0-beta.50 up to, but not including, 1.2.3, did not validate the Origin header, enabling same-site CSRF with the victim’s session cookie. The issue is fixed in version 1.2.3. Affected component: server actions (serverAction, RSC protocol); impact:...
CVE-2026-42180 Lemmy: SSRF in /api/v3/post via Webmention dispatch
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy allows an authenticated low-privileged user to create a link post through POST /api/v3/post. When a post is created in a public community, the backend asynchronously sends a Webmention to the attacker-controll...
CVE-2026-42180
Lemmy prior to version 0.19.18 is affected by a server-side request forgery: an authenticated low-privilege user can create a link post via POST /api/v3/post, and when posted to public communities Lemmy dispatches a Webmention to the target. The code path only validates the URL’s syntax/scheme (h...
CVE-2026-42181 Lemmy: SSRF and internal image disclosure in post link metadata via unvalidated og:image
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP...
CVE-2026-42176
Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer token that is accepted as an admin API token. Once that setting is changed, the target email address...
CVE-2026-44694
CVE-2026-44694 affects n8n-MCP before 2.50.2. An authenticated SSRF vulnerability exists in the webhook trigger tools, the n8n API client (N8N_API_URL), and per-request URLs via the x-n8n-url header in multi-tenant HTTP mode. Exploitation allows a valid MCP session to cause the host to send HTTP ...
CVE-2026-44694 n8n-MCP: Authenticated SSRF in n8n-mcp webhook and API client paths
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client N8NAPIURL, a...
CVE-2026-44694
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client N8NAPIURL, a...
CVE-2026-44694 n8n-MCP: Authenticated SSRF in n8n-mcp webhook and API client paths
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client N8NAPIURL, a...
Server-side Request Forgery (SSRF)
Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the validatewebhookurl process. An attacker can cause the application to send outbound HTTP POST requests to unintended hosts, including internal or...
Exploit for Server-Side Request Forgery in Espocrm
CVE-2026-33534 - EspoCRM 9.3.3 Authenticated SSRF Authenticat...
GHSA-R48C-V28R-PF6V MCP Registry has an unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist
Summary The Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling private/internal addresses when fetching the well-known public-key file from a publisher-supplied domain. The...
CVE-2026-41887
Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the improper validation of the audience parameter in the OIDC authentication process. An attacker can gain unauthorized publish permissions by replaying a valid GitHub OIDC token obtained from one...