Lucene search

89749 matches found

ATTACKERKB
added 2026/05/07 10:20 a.m. | 6 views

CVE-2026-27415

Cross-Site Request Forgery CSRF vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5...

CVSS 4.3 | AI score 5.8 | EPSS 0.00095
Exploits 0 | References 2
Patchstack
added 2026/05/07 10:19 a.m. | 16 views

WordPress BEAR plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by benzdeus in WordPress Plugin BEAR versions <= 1.1.5...

CVSS 4.3 | AI score 5.8 | EPSS 0.00095
Exploits 0 | Affected Software 1
EUVD
added 2026/05/07 9:31 a.m. | 11 views

EUVD-2025-209718

Cross-Site Request Forgery CSRF vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3...

CVSS 5.4 | AI score 5.8 | EPSS 0.00092
Exploits 0 | References 2
Snyk
added 2026/05/07 9:25 a.m. | 11 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the process handling incoming requests. An attacker can perform unauthorized actions on behalf of an authenticated user by tricking them into submitting a crafted request. Remediation Upgrade...

CVSS 5.4 | AI score 5.8 | EPSS 0.00092
Exploits 0 | References 2
NVD
added 2026/05/07 9:16 a.m. | 14 views

CVE-2025-68604

Cross-Site Request Forgery CSRF vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3...

CVSS 5.4 | EPSS 0.00092
Exploits 0 | References 1
Veracode
added 2026/05/07 8:45 a.m. | 13 views

Server-Side Request Forgery (SSRF)

Apache Neethi is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to lack of validation of URIs in the PolicyReference API, allowing applications to fetch policies from arbitrary protocols or internal addresses, enabling attackers to trigger outbound requests to internal o...

CVSS 7.2 | AI score 5.9 | EPSS 0.00497
Exploits 0 | References 3 | Affected Software 1
ATTACKERKB
added 2026/05/07 7:40 a.m. | 7 views

CVE-2025-68604

Cross-Site Request Forgery CSRF vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3...

CVSS 5.4 | AI score 5.8 | EPSS 0.00092
Exploits 0 | References 2
Cvelist
added 2026/05/07 7:40 a.m. | 36 views

CVE-2025-68604 WordPress WPGraphQL plugin <= 2.5.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3...

CVSS 5.4 | EPSS 0.00092
Exploits 0 | References 1
CVE
added 2026/05/07 7:40 a.m. | 12 views

CVE-2025-68604

WPGraphQL WordPress plugin

CVSS 5.4 | AI score 5.8 | EPSS 0.00092
Exploits 0 | References 1
Vulnrichment
added 2026/05/07 7:40 a.m. | 9 views

CVE-2025-68604 WordPress WPGraphQL plugin <= 2.5.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3...

CVSS 5.4 | AI score 5.8 | EPSS 0.00092
Exploits 0 | References 1
Patchstack
added 2026/05/07 7:39 a.m. | 13 views

WordPress WPGraphQL plugin <= 2.5.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin WPGraphQL versions <= 2.5.3...

CVSS 5.4 | AI score 5.8 | EPSS 0.00092
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2026/05/07 6:21 a.m. | 4 views

Security Bulletin: Vulnerability in jetty affects IBM Netezza Appliance

Summary: The jetty package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2024-6763. Vulnerability Details: CVEID: CVE-2023-24056 DESCRIPTION: In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in...

CVSS 5.5 | AI score 6.7 | EPSS 0.00986
Exploits 2 | Affected Software 1
Vulnrichment
added 2026/05/07 4:18 a.m. | 10 views

CVE-2026-41413 Istio Vulnerable to SSRF via RequestAuthentication jwksUri

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

CVSS 5 | AI score 5.7 | EPSS 0.00329
Exploits 0 | References 3
CVE
added 2026/05/07 4:18 a.m. | 20 views

CVE-2026-41413

CVE-2026-41413 affects Istio: when a RequestAuthentication jwksUri points to an internal resource, istiod makes unauthenticated HTTP GET requests without filtering localhost/link-local IPs, risking SSRF and data exposure to Envoy proxies via xDS. Patched in Istio 1.28.6 and 1.29.2; upgrade to tho...

CVSS 7.7 | AI score 5.7 | EPSS 0.00329
Exploits 0 | References 3 | Affected Software 1
NVD
added 2026/05/07 4:16 a.m. | 15 views

CVE-2026-41658

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio inventory module enforces authorization for destructive operations delete, retire, reinstate only in the UI layer by conditionally rendering buttons. The backend POST handlers at modules/inventory.php for...

CVSS 6.5 | EPSS 0.00227
Exploits 0 | References 2
Github Security Blog
added 2026/05/07 3:15 a.m. | 14 views

docling-graph has SSRF via Missing Internal IP Validation in URLInputHandler

Impact The URLInputHandler class in doclinggraph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the target resolves to a private, loopback, or link-local IP address. The URLValidator only checks for a valid scheme and non-empty netloc, performing no...

CVSS 5.7 | AI score 5.8 | EPSS 0.00188
Exploits 0 | References 4 | Affected Software 1
OSV
added 2026/05/07 3:15 a.m. | 10 views

GHSA-FQPH-J6V6-JVGX docling-graph has SSRF via Missing Internal IP Validation in URLInputHandler

Impact The URLInputHandler class in doclinggraph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the target resolves to a private, loopback, or link-local IP address. The URLValidator only checks for a valid scheme and non-empty netloc, performing no...

CVSS 5.7 | AI score 5.8 | EPSS 0.00188
Exploits 0 | References 4
Snyk
added 2026/05/07 3:15 a.m. | 12 views

Server-side Request Forgery (SSRF)

Overview: docling-graph is a tool to convert documents into knowledge graphs using Docling. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URLInputHandler process. An attacker can access internal network resources or sensitive cloud metadata by...

CVSS 6.9 | AI score 5.8 | EPSS 0.00188
Exploits 0 | References 3
EUVD
added 2026/05/07 3:1 a.m. | 10 views

EUVD-2026-28296

Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetchmetadata.php validates the resolved IP address but passes the original hostname-based URL to curlinit, leaving a DNS rebinding TOCTOU window that allows redirecting requests to...

CVSS 6.8 | AI score 5.7 | EPSS 0.00236
Exploits 1 | References 2
Vulnrichment
added 2026/05/07 3:1 a.m. | 9 views

CVE-2026-42194 Incomplete fix for CVE-2026-32812: SSRF in admidio

Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetchmetadata.php validates the resolved IP address but passes the original hostname-based URL to curlinit, leaving a DNS rebinding TOCTOU window that allows redirecting requests to...

CVSS 6.8 | AI score 5.7 | EPSS 0.00428
Exploits 1 | References 2