55970 matches found

Positive Technologies
added 2026/02/16 12:0 a.m. | 7 views

PT-2026-8308

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to...

CVSS 6.5 | AI score 6.1 | EPSS 0.00246
Exploits: 0 | References: 8

Packet Storm
added 2026/02/16 12:0 a.m. | 136 views

Precurio Intranet Portal 4.4 Cross Site Request Forgery / Shell Upload

Precurio Intranet Portal version 4.4 proof of concept cross site request forgery and remote shell upload exploit. | Title : Precurio Intranet Portal 4.4...

AI score 5
Exploits: 0

RedhatCVE
added 2026/02/14 7:22 p.m. | 9 views

CVE-2026-25991

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate recipe import feature of Tandoor Recipes. The application fails to validate the destination URL afte...

CVSS 7.7 | AI score 5.7 | EPSS 0.00283
Exploits: 1 | References: 1

NVD
added 2026/02/14 9:16 a.m. | 6 views

CVE-2026-1249

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'loadlyricsajaxcallback' function. This makes it possible for authenticated attackers, with author level access and above, to mak...

CVSS 5 | EPSS 0.00183
Exploits: 0 | References: 2

Cvelist
added 2026/02/14 8:26 a.m. | 25 views

CVE-2026-1249 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 5.3 - 5.10 - Authenticated (Author+) Server-Side Request Forgery

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'loadlyricsajaxcallback' function. This makes it possible for authenticated attackers, with author level access and above, to mak...

CVSS 5 | EPSS 0.00183
Exploits: 0 | References: 2

NVD
added 2026/02/14 7:16 a.m. | 10 views

CVE-2026-0745

The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.10 due to missing URL validation on the 'downloadlanguage' function. This makes it possible for authenticated attackers, with Administrator-level access and above, ...

CVSS 5.5 | EPSS 0.00335
Exploits: 0 | References: 5

Cvelist
added 2026/02/14 6:42 a.m. | 24 views

CVE-2025-14852 MDirector Newsletter <= 4.5.8 - Cross-Site Request Forgery to Plugin Settings Update

The MDirector Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.8. This is due to missing nonce verification on the mdirectorNewsletterSave function. This makes it possible for unauthenticated attackers to update the plugin's...

CVSS 4.3 | EPSS 0.00163
Exploits: 0 | References: 4

CVE
added 2026/02/14 6:42 a.m. | 16 views

CVE-2025-14852

CVE-2025-14852 affects the MDirector Newsletter WordPress Plugin up to version 4.5.8. Wordfence reports a Cross-Site Request Forgery vulnerability caused by missing nonce verification in mdirectorNewsletterSave, enabling unauthenticated attackers to update plugin settings if a site admin is trick...

CVSS 4.3 | AI score 5.4 | EPSS 0.00163
Exploits: 0 | References: 4

CVE
added 2026/02/14 6:42 a.m. | 16 views

CVE-2026-0745

CVE-2026-0745: WordPress User Language Switch plugin

CVSS 5.5 | AI score 5.7 | EPSS 0.00335
Exploits: 0 | References: 5

Cvelist
added 2026/02/14 4:35 a.m. | 28 views

CVE-2026-1983 SEATT: Simple Event Attendance <= 1.5.0 - Cross-Site Request Forgery to Arbitrary Event Deletion

The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing nonce validation on the event deletion functionality. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 4.3 | EPSS 0.00124
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/14 4:35 a.m. | 5 views

CVE-2026-1983 SEATT: Simple Event Attendance <= 1.5.0 - Cross-Site Request Forgery to Arbitrary Event Deletion

The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing nonce validation on the event deletion functionality. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 4.3 | AI score 5.7 | EPSS 0.00124
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/14 12:0 a.m. | 9 views

PT-2026-8293

CVE-2026-26303 - Apache HTTP Server Cross-Site Request Forgery CSRF CVE ID : CVE-2026-26303 Published : Feb. 14, 2026, 4:15 a.m. | 1 hour, 26 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline,...

AI score 5.5
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/13 6:29 p.m. | 2 views

CVE-2026-25991 Tandoor Recipes affected by Blind SSRF with Internal Network Access via Recipe Import

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate recipe import feature of Tandoor Recipes. The application fails to validate the destination URL afte...

CVSS 7.7 | AI score 5.7 | EPSS 0.00283
Exploits: 1 | References: 3

CVE
added 2026/02/13 6:29 p.m. | 17 views

CVE-2026-25991

Technical details beyond what is provided are not publicly available in the supplied documents. Monitor for updates.

CVSS 7.7 | AI score 5.7 | EPSS 0.00283
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2026/02/13 6:29 p.m. | 3 views

CVE-2026-25991 Tandoor Recipes affected by Blind SSRF with Internal Network Access via Recipe Import

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate recipe import feature of Tandoor Recipes. The application fails to validate the destination URL afte...

CVSS 7.7 | AI score 5.8 | EPSS 0.00283
Exploits: 1 | References: 5

Positive Technologies
added 2026/02/13 12:0 a.m. | 5 views

PT-2026-8263

CVE-2025-36524 - Apache Struts SSRF CVE ID : CVE-2025-36524 Published : Feb. 13, 2026, 7:16 p.m. | 18 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit the link for more details, such ...

AI score 5.4
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/12 8:34 p.m. | 5 views

CVE-2026-26005 ClipBucket v5 enables internal network scans via an SSRF vulnerability

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 45, in ClipBucket v5, the Remote Play allows creating video entries that reference external video URLs without uploading the video files to the server. However, by specifying an internal network host in the video URL, an SS...

CVSS 5 | AI score 5.6 | EPSS 0.00233
Exploits: 1 | References: 2

OSV
added 2026/02/12 4:16 p.m. | 3 views

UBUNTU-CVE-2025-69634

Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is disputed by a third party who indicates that exploitation can only occur if an unprivileged user knows the token of an admin user...

CVSS 9 | AI score 5.8 | EPSS 0.00142
Exploits: 0 | References: 4

NVD
added 2026/02/12 10:16 a.m. | 10 views

CVE-2026-1356

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.5.1 via the PassthruLoader::load_image_source function. This makes it possible for unauthenticated attackers to make web requests...

CVSS 4.8 | EPSS 0.00229
Exploits: 0 | References: 2

CVE
added 2026/02/12 9:25 a.m. | 18 views

CVE-2026-1356

CVE-2026-1356 affects the WordPress plugin “Converter for Media – Optimize images | Convert WebP & AVIF” and its vulnerable scope includes all versions up to and including 6.5.1. The issue is a Server-Side Request Forgery (SSRF) via PassthruLoader::load_image_source, enabling unauthenticated atta...

CVSS 4.8 | AI score 5.7 | EPSS 0.00229
Exploits: 0 | References: 2