Lucene search
K

6 matches found

EUVD
EUVD
added 2026/04/16 12:54 a.m.5 views

EUVD-2026-23121

ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...

6.8CVSS5.9AI score0.00385EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/15 10:30 p.m.6 views

Server-side Request Forgery (SSRF)

Overview processwire/processwire is a CMS/CMF. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the Add Module From URL process. An attacker can access internal network resources and sensitive endpoints by supplying arbitrary URLs to the module download...

6.8CVSS5.9AI score0.00385EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/15 9:25 p.m.4 views

CVE-2026-40500

...

5.9AI score0.00385EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/15 9:25 p.m.25 views

CVE-2026-40500

...

0.00385EPSS
Exploits0
CVE
CVE
added 2026/04/15 9:25 p.m.34 views

CVE-2026-40500

Summary: Multiple sources describe a server-side request forgery (SSRF) in ProcessWire CMS prior to 3.0.256 via the admin panel’s “Add Module From URL” feature. The vulnerability permits an authenticated administrator to supply arbitrary URLs to the module-download parameter, triggering outbound ...

5.9AI score0.00385EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.8 views

PT-2026-33179

ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...

6.8CVSS5.9AI score0.00385EPSS
Exploits0References6
Rows per page
Query Builder