EUVD-2026-11054

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate...

CVE-2026-21294

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could bypass security features. The issue allows a high-privileged attacker to manipulate server-side requests and bypass c...

CVE-2026-2324

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.7. This is due to missing or incorrect nonce validation on the reloadpreview function. This makes it possible for...

CVE-2026-2324 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.7 - Cross-Site Request Forgery in Booking Form Settings Update to Stored Cross-Site Scripting

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.7. This is due to missing or incorrect nonce validation on the reloadpreview function. This makes it possible for...

EUVD-2026-10930

Flowise affected by Server-Side Request Forgery SSRF in HTTP Node Leading to Internal Network Access...

PT-2026-24858

Name of the Vulnerable Software and Affected Versions Woahai321 ListSync versions up to 0.6.6 Description A server-side request forgery issue exists in Woahai321 ListSync. The problem affects the requests.post function within the list-sync-main/api server.py file, specifically in the JSON Handler...

CVE-2025-70027

An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information...

WordPress plugin Modular DS: Monitor, update, and backup multiple websites 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

sunbird-portal 安全漏洞

sunbird-portal is an open-source portal developed by Sunbird-ED. Version 1.13.4 of sunbird-portal contains a security vulnerability, which stems from server-side request forgery. This vulnerability could allow attackers to obtain sensitive information...

emlog 跨站请求伪造漏洞

Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog 2.6.6 and earlier have a cross-site request forgeing vulnerability. This vulnerability stems from the lack of token checks in the deleteasync operation, which may lead to cross-site request forgeing...

PT-2026-24679

CVE-2025-70027 An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive informati… https://t.co/0CdAjHLKpo...

PT-2026-24558

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate...

CVE-2026-31829 Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including...

CVE-2026-31829

Flowise prior to version 3.0.13 exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests to user-controlled URLs with no host restrictions. This enables a Server-Side Request Forgery (SSRF) vulnerability, allowing a user interacting with a publicly exposed chatflow t...

GHSA-WP52-R2FP-4VMR pdfmake is vulnerable to server-side request forgery (SSRF)

Server-Side Request Forgery SSRF vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy method allowing server operato...

WordPress Core <= 6.9.1 - Server-Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability discovered by sibwtf in WordPress core versions 6.9-6.9.1...

CVE-2026-28495

GetSimple CMS is a content management system. The massiveAdmin plugin v6.0.3 bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling...

CVE-2026-28495 GetSimple CMS has CSRF to Remote Code Execution via Arbitrary PHP Write in gsconfig.php

GetSimple CMS is a content management system. The massiveAdmin plugin v6.0.3 bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling...

CVE-2026-26801

Server-Side Request Forgery SSRF vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy method allowing server operato...

WordPress Admin Menu Editor plugin <= 1.14.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by timomangcut in WordPress Plugin Admin Menu Editor versions = 1.14.1...