
EUVD
added 2026/03/06 12:30 p.m., 4 views

EUVD-2026-10028

QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft a special website which, when visited by the victim, will automatically send a POST request with the victim's privileges. This software does not implement any protection against this type of attack. Al...

CVSS 5.1, AI score 5.8, EPSS 0.00222
Exploits 0, References 3
ATTACKERKB
added 2026/03/06 11:04 a.m., 3 views

CVE-2026-1468

QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft a special website which, when visited by the victim, will automatically send a POST request with the victim's privileges. This software does not implement any protection against this type of attack. Al...

CVSS 5.1, AI score 5.8, EPSS 0.00222
Exploits 0, References 3, Affected software 1
Vulnrichment
added 2026/03/06 11:04 a.m., 2 views

CVE-2026-1468 Cross-Site Request Forgery in QuickCMS

QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft a special website which, when visited by the victim, will automatically send a POST request with the victim's privileges. This software does not implement any protection against this type of attack. Al...

CVSS 5.1, AI score 5.8, EPSS 0.00222
Exploits 0, References 2
Veracode
added 2026/03/06 7:23 a.m., 8 views

Server-Side Request Forgery (SSRF)

mcp-fetch-server is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper private IP validation, which allows an attacker to bypass the validation mechanism and access internal network resources...

CVSS 7.5, AI score 5.8, EPSS 0.00381
Exploits 1, References 4, Affected software 1
Veracode
added 2026/03/06 6:32 a.m., 5 views

Server-Side Request Forgery (SSRF)

Angular SSR is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to Angular's request handling pipeline trusting user-controlled Host and X-Forwarded- HTTP headers without proper validation, which allows an attacker to manipulate URL reconstruction and perform arbitrary...

CVSS 9.2, AI score 5.9, EPSS 0.00497
Exploits 1, References 9, Affected software 3
OSV
added 2026/03/06 4:26 a.m., 4 views

CVE-2026-28680 Ghostfolio: Full-Read SSRF in Manual Asset Import

Ghostfolio is an open source wealth management software. Prior to version 2.245.0, an attacker can exploit the manual asset import feature to perform a full-read SSRF, allowing them to exfiltrate sensitive cloud metadata (IMDS) or probe internal network services. This issue has been patched in...

CVSS 9.3, AI score 5.7, EPSS 0.00232
Exploits 0, References 4
CVE
added 2026/03/06 4:13 a.m., 17 views

CVE-2026-28508

CVE-2026-28508 affects Idno: prior to 1.6.4, a logic error in the API authentication flow and missing login requirement on the URL unfurl endpoint results in CSRF protection bypass for unauthenticated requests. An attacker can set X-IDNO-USERNAME and X-IDNO-SIGNATURE headers to trigger is_api_req...

CVSS 9.2, AI score 6, EPSS 0.00628
Exploits 1, References 2, Affected software 1
CNNVD
added 2026/03/06 12:00 a.m., 5 views

Lemmy security vulnerability

Lemmy is open-source software developed by Lemmy, used for building social news aggregators and web forums. Versions of Lemmy prior to 0.19.16 contain security vulnerabilities. These vulnerabilities stem from the /api/v4/image/filename endpoint, where parameter injection may lead to server-side...

CVSS 8.7, AI score 5.8, EPSS 0.00272
Exploits 0, References 3
Positive Technologies
added 2026/03/06 12:00 a.m., 6 views

PT-2026-23744

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery (SSRF) via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

CVSS 9.3, AI score 5.8, EPSS 0.00235
Exploits 0, References 4
CNNVD
added 2026/03/06 12:00 a.m., 4 views

ABC ERP cross-site request forgery vulnerability

ABC ERP is an enterprise resource planning system developed by ABC ERP Corporation. Version 0.6.4 of ABC ERP contains a cross-site request forgery vulnerability. This vulnerability stems from the configurarperfil.php file, which allows for cross-site request forgery, potentially enabling...

CVSS 6.9, AI score 5.7, EPSS 0.00125
Exploits 0, References 2
Positive Technologies
added 2026/03/06 12:00 a.m., 5 views

PT-2026-23794

Name of the vulnerable software and affected versions: PinchTab versions prior to 0.7.7. Description: PinchTab is a standalone HTTP server designed to provide AI agents with direct control over a Chrome browser. A Server-Side Request Forgery (SSRF) condition exists in the /download endpoint. This allo...

CVSS 9.9, AI score 5.9, EPSS 0.22162
Exploits 68, References 139
OSV
added 2026/03/05 10:16 p.m., 4 views

CVE-2026-28451

OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image processing. Attackers can influence tool calls...

CVSS 9.3, AI score 5.8
Exploits 0, References 3
Cvelist
added 2026/03/05 9:59 p.m., 25 views

CVE-2026-28467 OpenClaw < 2026.2.2 - SSRF via Attachment Media URL Hydration

OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...

CVSS 6.5, EPSS 0.00397
Exploits 1, References 4
ATTACKERKB
added 2026/03/05 9:59 p.m., 3 views

CVE-2026-28467

OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...

CVSS 6.9, AI score 6, EPSS 0.00397
Exploits 1, References 5
Cvelist
added 2026/03/05 9:59 p.m., 34 views

CVE-2026-28451 OpenClaw < 2026.2.14 - SSRF via Feishu Extension Media Fetching

OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image processing. Attackers can influence tool calls...

CVSS 8.3, EPSS 0.00275
Exploits 0, References 3
Snyk
added 2026/03/05 9:49 p.m., 1 view

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the NewWebFetchTool function and IsSSRFSafeURL implementation in security.go. An attacker can access internal services and sensitive data by submitting a URL that redirects to restricted internal...

CVSS 8.7, AI score 5.8, EPSS 0.00388
Exploits 1, References 2
OSV
added 2026/03/05 9:49 p.m., 4 views

GHSA-595M-WC8G-6QGC WeKnora is Vulnerable to SSRF via Redirection

Summary: The application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive URL validation blocking private IPs, loopback addresses, reserved hostnames, and cloud metadata endpoints, it fails to...

CVSS 5.9, AI score 5.8, EPSS 0.00388
Exploits 1, References 3
Github Security Blog
added 2026/03/05 9:43 p.m., 7 views

Plane has SSRF via Incomplete IP Validation in Webhook URL Serializer

Summary: The webhook URL validation in plane/app/serializers/webhook.py only checks ip.is_loopback, allowing attackers with the workspace ADMIN role to create webhooks pointing to private/internal network addresses (10.x.x.x, 172.16.x.x, 192.168.x.x, 169.254.169.254, etc.). When webhook events fire, the...

CVSS 8.5, AI score 5.9, EPSS 0.00284
Exploits 0, References 4, Affected software 1
GithubExploit
added 2026/03/05 7:01 p.m., 119 views

web-pentest-cases

Web Application Pentesting Cases: Practical web application se...

AI score 6.1
Exploits 0
Snyk
added 2026/03/05 6:18 p.m., 2 views

Cross-site Request Forgery (CSRF)

Overview: mercurius is a GraphQL adapter for Fastify. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to incorrect parsing of the Content-Type header. An attacker can perform unauthorized actions on behalf of an authenticated user by sending specially crafted...

CVSS 5.4, AI score 5.8, EPSS 0.00159
Exploits 1, References 2