5 matches found
CVE-2026-12902
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-39362 InvenTree has SSRF via Remote Image Download — No IP/Hostname Validation on remote_image URLs
InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, when INVENTREEDOWNLOADFROMURL is enabled opt-in, authenticated users can supply remoteimage URLs that are fetched server-side via requests.get with only Django's URLValidator check. There is no validation against...
CVE-2026-39362
CVE-2026-39362 affects InvenTree (Open Source Inventory Management System). Before versions 1.2.7 and 1.3.0, when INVENTREE_DOWNLOAD_FROM_URL is enabled, authenticated users can supply remote_image URLs that are fetched server-side via requests.get() with only Django’s URLValidator check. There i...
InvenTree 代码问题漏洞
InvenTree is an open-source inventory management system developed by InvenTree. It provides powerful low-level inventory control and parts tracking capabilities. Versions of InvenTree prior to 1.2.7 and 1.3.0 contained code vulnerabilities. These vulnerabilities stemmed from the fact that when...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : OpenStack Glance vulnerability (USN-8111-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8111-1 advisory. It was discovered that OpenStack Glance was incorrectly validating the IP addresses and the redirect destination URL when downloading or...