CVE-2025-55041

MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functionality for user management cUsers.cfc addToGroup method that allows attackers to escalate privileges by adding any user to any group without proper authorization checks. The vulnerable function lacks CSRF token...

PT-2026-26082

The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized locations through CSRF. The vulnerable cTrash.restore function lacks CSRF token validation, enabling malicious websites to forge requests that restore content...

SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks

The @aborruso/ckan-mcp-server MCP server provides tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network service...

CVE-2026-27978 Next.js: null origin can bypass Server Actions CSRF checks

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, origin: null was treated as a "missing" origin during Server Action CSRF validation. As a result, requests from opaque contexts such as sandboxed iframes could bypass...

CVE-2026-32839 Edimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoints

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the URL validation logic due to improper handling of underscores in hostnames. An attacker can access internal resources or sensitive endpoints by submitting specially crafted URLs containing...

GHSA-MQ59-M269-XVCX Next.js: null origin can bypass Server Actions CSRF checks

Summary origin: null was treated as a "missing" origin during Server Action CSRF validation. As a result, requests from opaque contexts such as sandboxed iframes could bypass origin verification instead of being validated as cross-origin requests. Impact An attacker could induce a victim browser ...

CVE-2026-3632

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where...

CVE-2026-4308

CVE-2026-4308 affects frdel/agent0ai agent-zero 0.9.7. The flaw resides in the function handle_pdf_document of python/helpers/document_query.py, enabling remote server-side request forgery (SSRF). Public exploit code is available; exploitation is possible without user interaction beyond initial a...

EUVD-2026-12525

A vulnerability was determined in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. This issue affects the function downloadFile of the file - yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/PPTUtil.java of th...

CVE-2026-4284

A vulnerability was determined in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. This issue affects the function downloadFile of the file - yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/PPTUtil.java of th...

Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint

Summary The SSO metadata fetch endpoint at modules/sso/fetchmetadata.php accepts an arbitrary URL via $GET'url', validates it only with PHP's FILTERVALIDATEURL, and passes it directly to filegetcontents. FILTERVALIDATEURL accepts file://, http://, ftp://, data://, and php:// scheme URIs. An...

Server-side Request Forgery (SSRF)

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the fetchmetadata.php process when user-supplied input is passed to filegetcontents after only...

Cross-site Request Forgery (CSRF)

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the savemembership process. An attacker can alter membership start and end dates for any member of...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via httprequester.go and httpdownloader.go‎. An attacker can access internal network resources and exfiltrate sensitive data by crafting malicious promotion templates or Promotion resources that trigger...

GHSA-J94X-8WCP-X7HM Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration

Summary Kargo's built-in http and http-download promotion steps execute outbound HTTP requests from the Kargo controller. By design, these steps do not restrict destination addresses, as there are legitimate use cases for requests to internal and private endpoints. However, this also permits...

Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration

Summary Kargo's built-in http and http-download promotion steps execute outbound HTTP requests from the Kargo controller. By design, these steps do not restrict destination addresses, as there are legitimate use cases for requests to internal and private endpoints. However, this also permits...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the actionLoadBucketData endpoint in DefaultController. An attacker can access sensitive information by sending unauthenticated requests with a valid CSRF token. Remediation Upgrade...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the BucketsController-actionLoadBucketData endpoint. An attacker can retrieve a list of accessible buckets by sending a request with a valid CSRF token, even without authentication. Remediation Upgrade...

CVE-2026-29521

CVE-2026-29521 affects Hereta ETH-IMC408M devices with firmware 1.0.15 and earlier, where missing CSRF protections in setup.cgi allow cross-site request forgery. An attacker hosting malicious pages can submit forged requests using automatically-included HTTP Basic Authentication credentials to mo...