Lucene search
K

25726 matches found

IBM Security Bulletins
IBM Security Bulletins
added 4 hours ago8 views

Security Bulletin: Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2026-10845, CVE-2026-8646, CVE-2026-9320, CVE-2026-9071 and CVE-2026-9006)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about multiple vulnerabilities affecting WebSphere Application Server have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in...

9.1CVSS5.5AI score0.00338EPSS
Exploits0Affected Software1
NVD
NVD
added 6 hours ago5 views

CVE-2026-61970

Server-Side Request Forgery SSRF vulnerability in Themeisle Auto Featured Image Auto Post Thumbnail auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image Auto Post Thumbnail: from n/a through = 5.0.4...

4.9CVSS
Exploits0References1
NVD
NVD
added 6 hours ago2 views

CVE-2026-57413

Server-Side Request Forgery SSRF vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.This issue affects Instant Image Generator: from n/a through = 2.1.4...

6.4CVSS
Exploits0References1
NVD
NVD
added 6 hours ago2 views

CVE-2026-57407

Server-Side Request Forgery SSRF vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n/a through = 1.6.2...

7.2CVSS
Exploits0References1
NVD
NVD
added 6 hours ago2 views

CVE-2026-57372

Server-Side Request Forgery SSRF vulnerability in denishua WPJAM Basic wpjam-basic allows Server Side Request Forgery.This issue affects WPJAM Basic: from n/a through = 7.0...

7.2CVSS
Exploits0References1
NVD
NVD
added 6 hours ago3 views

CVE-2026-49876

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

6.5CVSS
Exploits0References2
EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-43306

A Server-Side Request Forgery SSRF protection bypass existed in the htmltomarkdown expansion module of misp-modules. The module attempts to prevent requests to loopback, private, link-local, and other restricted IP address ranges. However, IP addresses were compared against the blocked ranges...

8.3CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 6 hours ago5 views

EUVD-2026-43316

This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The messageconfirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to...

9.6CVSS6.4AI score
Exploits0References2
Cvelist
Cvelist
added 7 hours ago4 views

CVE-2026-49876 Apache Gravitino: Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

Exploits0References1
CVE
CVE
added 7 hours ago6 views

CVE-2026-49876

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

6.5CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 7 hours ago5 views

CVE-2026-61970 WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 5.0.4 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Themeisle Auto Featured Image Auto Post Thumbnail auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image Auto Post Thumbnail: from n/a through = 5.0.4...

4.9CVSS
Exploits0References1
CVE
CVE
added 7 hours ago11 views

CVE-2026-57793

CVE-2026-57793 affects the Flow WordPress theme by Elated-Themes. The issue is an improper filename control in Include/Require statements, resulting in a PHP Local File Inclusion (LFI). Affected versions are Flow:

7.5CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 7 hours ago4 views

CVE-2026-57407 WordPress PDF Generator for WordPress plugin <= 1.6.2 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n/a through = 1.6.2...

7.2CVSS
Exploits0References1
CVE
CVE
added 7 hours ago5 views

CVE-2026-57407

The vulnerability concerns the WordPress plugin PDF Generator for WordPress (plugin name shown as pdf-generator-for-wp) and is described as a Server-Side Request Forgery (SSRF) . Affected versions are listed as “from n/a through

7.2CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 7 hours ago4 views

CVE-2026-57372 WordPress WPJAM Basic plugin <= 7.0 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in denishua WPJAM Basic wpjam-basic allows Server Side Request Forgery.This issue affects WPJAM Basic: from n/a through = 7.0...

7.2CVSS
Exploits0References1
CVE
CVE
added 7 hours ago5 views

CVE-2026-57372

CVE-2026-57372 is a Server-Side Request Forgery (SSRF) vulnerability affecting the WordPress WPJAM Basic plugin (wpjam-basic) versions up to and including 7.0. The CVE entry states the issue is a SSRF in WPJAM Basic, but the provided documents do not specify the underlying code path, affected fun...

7.2CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 8 hours ago11 views

CVE-2026-14453 A user with low privileges can inject SSTI templates that can lead to RCE in open-tickets

This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The messageconfirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to...

9.6CVSS
Exploits0References1
CVE
CVE
added 8 hours ago13 views

CVE-2026-14453

The CVE-2026-14453 issue is a critical Server-Side Template Injection (SSTI) in Centreon’s centreon-open-tickets module. The message_confirm field is stored without sanitization and rendered through Smarty with no security policy, allowing any authenticated user to inject and execute arbitrary co...

9.6CVSS6.4AI score
Exploits0References1
CVE
CVE
added 8 hours ago9 views

CVE-2026-62143

The CVE-2026-62143 issue affects the html_to_markdown expansion module of misp-modules. An SSRF protection bypass occurred because IPv4-mapped IPv6 addresses were not normalised before checking blocked IP ranges, allowing an authenticated attacker to supply addresses like http://[::ffff:127.0.0.1...

8.3CVSS6.1AI score
Exploits0References1
CVE
CVE
added 9 hours ago4 views

CVE-2026-15540

CVE-2026-15540 affects SourceCodester Online Book Store System 1.0. The Administrative Interface file /admin/index.php contains a vulnerability where manipulating the page parameter leads to improper control of the filename used in include/require statements in PHP, i.e., a local file inclusion. ...

5.3CVSS5.9AI score
Exploits0References6
Rows per page
Query Builder