Lucene search
+L

537 matches found

Cvelist
Cvelist
added 2026/05/20 1:25 a.m.60 views

CVE-2026-6394 Nexa Blocks <= 1.1.1 - Unauthenticated Blind Server-Side Request Forgery via 'demo_json_file' Parameter

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

5.4CVSS0.00316EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:23 a.m.10 views

CVE-2026-46722

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:46 p.m.9 views

CVE-2026-42281

MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadat...

9.2CVSS6AI score0.01623EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/14 3:46 p.m.22 views

EUVD-2026-30313

MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadat...

9.2CVSS6AI score0.01623EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/08 10:17 p.m.12 views

EUVD-2026-28868

FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery SSRF vulnerability allows attackers or authenticated users with App editing privileges to send arbitrary HTTP requests to internal/private network addresses. The fetchData function i...

2.3CVSS5.9AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/29 8:22 p.m.5 views

Server-side Request Forgery (SSRF)

Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP . Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the IOFactory::load function. An attacker can execute arbitrary code or initiate unauthoriz...

10CVSS6.2AI score0.00712EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/04/25 1:44 a.m.6 views

SUSE CVE-2025-66286

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

4.7CVSS5.4AI score0.00233EPSS
Exploits0References3
NVD
NVD
added 2026/04/23 1:16 p.m.9 views

CVE-2025-66286

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

4.7CVSS0.00233EPSS
Exploits0References3
CVE
CVE
added 2026/04/23 12:33 p.m.22 views

CVE-2025-66286

Technical details about CVE-2025-66286 are not publicly available in the provided documents. Monitor for updates from Red Hat, WebKitGTK, and WPE WebKit for affected products, versions, impact, and fixes.

4.7CVSS5.8AI score0.00233EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/23 12:33 p.m.42 views

CVE-2025-66286 Webkitgtk: authorization bypass through webpage::send-request signal handler

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

4.7CVSS0.00233EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/23 12:33 p.m.5 views

CVE-2025-66286 Webkitgtk: authorization bypass through webpage::send-request signal handler

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

4.7CVSS5.8AI score0.00233EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.11 views

PT-2026-34659

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

4.7CVSS5.8AI score0.00233EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-66286

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications...

4.7CVSS6AI score0.00233EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/22 10:29 a.m.5 views

CVE-2026-31432

A flaw was found in the ksmbd component of the Linux kernel. This vulnerability allows an attacker to cause the system to write data beyond its intended memory boundaries when processing specific network requests. Specifically, when a complex request combines data reading with security informatio...

8.8CVSS6AI score0.00507EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/21 12:0 a.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Optimizer component. An attacker can cause the application to hang or crash by sending specially crafted requests over the network while authenticated with high privileges...

6.9CVSS7.7AI score0.00323EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/21 12:0 a.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the InnoDB component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation Upgrade libmysqlclient to...

6.9CVSS7.8AI score0.00242EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/21 12:0 a.m.6 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Information Schema component. An attacker can gain unauthorized access to sensitive data by sending crafted requests over the network. Remediation Upgrade libmysqlclient to versi...

5.3CVSS7.8AI score0.00243EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/21 12:0 a.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network. Remediation Upgrade libmysqlclient to version...

6.9CVSS5.5AI score0.00323EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/21 12:0 a.m.16 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the InnoDB component. An attacker can cause the server to hang or repeatedly crash by sending crafted requests over the network with high privileges. Remediation Upgrade...

6.9CVSS7.7AI score0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/20 11:8 p.m.32 views

CVE-2026-41302 OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download

OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...

7.6CVSS0.00223EPSS
Exploits0References3
Rows per page
Query Builder