55970 matches found

CVE
added 2026/02/03 2:8 p.m., 11 views

CVE-2026-24962

CVE-2026-24962 affects Brainstorm Force Sigmize (WordPress plugin) with versions n/a through 0.0.9. A Cross-Site Request Forgery (CSRF) flaw exists due to insufficient protection, enabling actions on behalf of authenticated users. PT-2026-6227 recommends upgrading to a version greater than 0.0.9....

CVSS 4.3, AI score 5.3, EPSS 0.00107
Exploits 0, References 1

ATTACKERKB
added 2026/02/03 2:8 p.m., 4 views

CVE-2026-24961

Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server Side Request Forgery. This issue affects Grand Blog: from n/a through 3.1.5...

AI score 5.3, EPSS 0.00168
Exploits 0, References 2

Cvelist
added 2026/02/03 2:8 p.m., 24 views

CVE-2026-24961 WordPress Grand Blog theme < 3.1.5 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server Side Request Forgery. This issue affects Grand Blog: from n/a through 3.1.5...

CVSS 5.4, EPSS 0.00168
Exploits 0, References 1

Vulnrichment
added 2026/02/03 2:8 p.m., 3 views

CVE-2026-24942 WordPress WpEvently plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through <= 5.1.1...

CVSS 4.3, AI score 5.3, EPSS 0.00107
Exploits 0, References 1

EUVD
added 2026/02/03 2:8 p.m., 4 views

EUVD-2026-5213

Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through <= 5.1.1...

CVSS 4.3, AI score 5.3, EPSS 0.00107
Exploits 0, References 1

CISA
added 2026/02/03 12:0 p.m., 11 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2019-19006 Sangoma FreePBX Improper Authentication Vulnerability; CVE-2021-39935 GitLab Community and Enterprise Editions...

CVSS 9.8, AI score 8.4, EPSS 0.84417
In wild, Exploits 8, References 9

EUVD
added 2026/02/03 6:56 a.m., 5 views

EUVD-2026-5269

Cross-site request forgery vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed...

CVSS 5.1, AI score 5.3, EPSS 0.00133
Exploits 0, References 2

Vulnrichment
added 2026/02/03 6:56 a.m., 1 views

CVE-2026-20704

Cross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed...

CVSS 5.1, AI score 6.1, EPSS 0.00133
Exploits 0, References 2

EUVD
added 2026/02/03 12:0 a.m., 4 views

EUVD-2025-206693

Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted requests to localhost by using http://www.127.0.0.1.example.com/ or a similarly constructed domain...

CVSS 9.1, AI score 5.5, EPSS 0.00255
Exploits 0, References 2

CNNVD
added 2026/02/03 12:0 a.m., 6 views

WordPress plugin Grand Blog security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.4, AI score 5.8, EPSS 0.00168
Exploits 0, References 1

CNNVD
added 2026/02/03 12:0 a.m., 5 views

WordPress plugin WpEvently security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3, AI score 5.7, EPSS 0.00107
Exploits 0, References 1

OSV
added 2026/02/02 9:5 p.m., 4 views

GO-2026-4355 Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL in github.com/sigstore/rekor

Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL in github.com/sigstore/rekor...

CVSS 5.3, AI score 5.2, EPSS 0.00332
Exploits 0, References 4

Vulnrichment
added 2026/02/02 7:52 p.m., 3 views

CVE-2026-24007 Tuleap is missing CSRF protection in the Overview inconsistent items

Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap is missing CSRF protection in the Overview inconsistent items. An attacker could use this vulnerability to trick victims into repairing inconsistent items creating artifact links from the release. This...

CVSS 4.6, AI score 5.5, EPSS 0.00139
Exploits 0, References 4

OSV
added 2026/02/02 9:30 a.m., 5 views

GHSA-FWHW-CHW4-GH37 Keycloak Server-Side Request Forgery (SSRF) vulnerability

A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services...

CVSS 2.7, AI score 5.3, EPSS 0.00236
Exploits 0, References 4

OSV
added 2026/02/02 8:42 a.m., 4 views

BIT-DISCOURSE-2025-68662 FinalDestination hostname matching allows SSRF protection bypass

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...

CVSS 9.9, AI score 5.4, EPSS 0.003
Exploits 0, References 2

Cvelist
added 2026/02/02 7:17 a.m., 25 views

CVE-2026-1518 Keycloak: blind server-side request forgery (ssrf) via ciba backchannel notification endpoint in keycloak

A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services...

CVSS 2.7, EPSS 0.00236
Exploits 0, References 2

Cvelist
added 2026/02/02 6:0 a.m., 31 views

CVE-2026-0658 Five Star Restaurant Reservations < 2.7.9 - Arbitrary Bookings Deletion via CSRF

The Five Star Restaurant Reservations WordPress plugin before 2.7.9 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting bookings via CSRF attacks...

EPSS 0.00133
Exploits 0, References 1

CVE
added 2026/02/02 6:0 a.m., 10 views

CVE-2026-0658

The CVE affects the Five Star Restaurant Reservations WordPress plugin (before 2.7.9). Root cause: missing CSRF protections in some bulk actions, enabling a logged-in admin to perform unintended actions (e.g., deleting bookings) via CSRF. Impact described as potential unauthorized admin actions; ...

CVSS 4.3, AI score 5.9, EPSS 0.00133
Exploits 0, References 1

Packet Storm
added 2026/02/02 12:0 a.m., 157 views

Mailpit Server-Side Request Forgery

A server-side request forgery vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. Versions prior to 1.28.0 are affected. Mailpit - Server-Side Request Forgery (SSRF). Advisory ID: RO-26-001. CVE ID: CVE-2026-21859. Severity: Medium...

CVSS 5.8, AI score 5.4, EPSS 0.00755
Exploits 2

EUVD
added 2026/01/31 2:22 p.m., 5 views

EUVD-2026-5054

The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publishunpublishpopupbox' function that verifies a self-created nonce rather than one submitted in the request. This mak...

CVSS 4.3, AI score 5.8, EPSS 0.00165
Exploits 0, References 4