CVE-2026-30247
WeKnora (LLM-powered document framework) prior to version 0.2.12 is vulnerable to SSRF via HTTP redirects during the Import document via URL flow. Backend URL validation blocks private IPs, loopback, reserved hostnames, and cloud metadata, but redirect targets are not validated, enabling bypass t...
CVE-2026-2494 ProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.8.2. This is due to missing nonce validation on the membership request management page approve and decline actions. This makes it...
EUVD-2026-10089
The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...
PT-2026-23890
Name of the Vulnerable Software and Affected Versions: welovemedia FFmate versions up to 2.0.15. Description: A weakness exists in welovemedia FFmate up to version 2.0.15. This issue affects the fireWebhook function within the /internal/service/webhook/webhook.go file. A manipulation can lead to...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the webfetch process. An attacker can access internal resources and sensitive data by exploiting DNS rebinding to bypass URL validation and force the application to connect to private IP addresses...
WeKnora has DNS Rebinding Vulnerability in web_fetch Tool that Allows SSRF to Internal Resources
Summary: A DNS rebinding vulnerability in the web_fetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including private IP addresses (e.g., 127.0.0.1, 192.168.x.x). By crafting a malicious domain that resolves to a public IP during...
CVE-2026-30242
Plane (open-source project management tool) contains an SSRF vulnerability in webhook URL validation: prior to v1.2.3, the code only checked ip.is_loopback, enabling workspace ADMINs to create webhooks pointing at private/internal addresses (10.x.x.x, 172.16.x.x, 192.168.x.x, 169.254.169.254, etc...
CVE-2026-30242 Plane: SSRF via Incomplete IP Validation in Webhook URL Serializer
Plane is an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.is_loopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private/internal network addresses 10.x.x.x, 172.16.x.x...
CVE-2026-29788 TSPortal: Anyone can forge self-deletion requests of any user
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...
CVE-2026-30844
Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery (SSRF) via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...
CVE-2026-30844 Wekan Vulnerable to SSRF through Lack of Validation or Filtering in Attachment URL Loading
Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery (SSRF) via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...
PinchTab has SSRF with Full Response Exfiltration via Download Handler
SSRF with Full Response Exfiltration via Download Handler. Summary: A Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs, including internal network services and local system files...
GHSA-RW8P-C6HF-Q3PG PinchTab has SSRF with Full Response Exfiltration via Download Handler
SSRF with Full Response Exfiltration via Download Handler. Summary: A Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs, including internal network services and local system files...
vulnweblab
Intentionally vulnerable we...
CVE-2026-29178 Lemmy: Unauthenticated SSRF via file_type query parameter injection in image endpoint
Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. Prior to version 0.19.16, the GET /api/v4/image/filename endpoint is vulnerable to unauthenticated SSRF...