Lucene search
+L

706 matches found

CNNVD
CNNVD
added 2026/06/09 12:0 a.m.20 views

VMware Spring Framework 代码问题漏洞

VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, Inc. This framework helps developers build high-quality applications. VMware Spring Framework versions 7.0.0 and earlier, as well as 6.2.0 and earlier, have code vulnerabilities. These vulnerabilities...

6.5CVSS5.5AI score0.00123EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.10 views

PT-2026-47975

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server affected versions not specified Description An improper authorization issue leads to Server-side Request Forgery SSRF, a flaw where a server is tricked into making unintended requests to an internal or external...

8.1CVSS5.5AI score0.00454EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.16 views

jshERP(华夏ERP) 代码问题漏洞

jshERP Huaxia ERP is a domestic ERP system developed by Jishan Hua. Versions of jshERP 3.6 and earlier contained code vulnerabilities. These vulnerabilities stemmed from improper handling of the parameter platformValue in the platformConfig Add endpoint, specifically in the insertPlatformConfig...

5.8CVSS5AI score0.00232EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/06 4:30 p.m.13 views

EUVD-2026-34972

A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been...

7.5CVSS5AI score0.00409EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-29226

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

7.3CVSS5.4AI score0.00473EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-10276

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...

6.5CVSS6AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-10241

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...

6.5CVSS6AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-36759

A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

6.5CVSS5.5AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.11 views

CVE-2026-43979

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService.markdowntohtml constructs an HTML document by interpolating user-controlled values — specifically title sourced from research.title or research.query and metadata key-value pairs —...

5CVSS5.6AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.16 views

CVE-2026-41130

Craft CMS is a content management system CMS. In versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14, the resource-js endpoint in Craft CMS allows unauthenticated requests to proxy remote JavaScript resources. When trustedHosts is not explicitly restricted default...

7CVSS5.7AI score0.0026EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.9 views

CVE-2026-49120

Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints ...

8.5CVSS5.6AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.12 views

CVE-2026-6625

A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogupicture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture...

7.5CVSS6.6AI score0.003EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 12:16 a.m.8 views

CVE-2026-10586

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the saveaigeneratedimage function. This makes it possible for authenticated attackers, with Author-level...

7.2CVSS0.00213EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/06/04 4:55 p.m.19 views

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has not seen the flaw...

8.6CVSS6.2AI score0.41694EPSS
Exploits3
NCSC
NCSC
added 2026/06/04 11:34 a.m.14 views

Lack of transparency in Cisco Unified Communications Manager

Cisco has identified a vulnerability in Unified Communications Manager CM and Unified Communications Manager Session Management Edition CM SME. A malicious individual could exploit this vulnerability to carry out a Server-Side Request Forgery SSRF attack. Successful exploitation could result in t...

8.6CVSS5.8AI score0.41694EPSS
Exploits3References1
OSV
OSV
added 2026/06/03 9:16 p.m.14 views

GHSA-JMMV-H3MP-59V8 Docling Core: Unsafe remote filename resolution

Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...

8.6CVSS5.8AI score0.00286EPSS
Exploits0References3
NVD
NVD
added 2026/06/03 6:16 p.m.22 views

CVE-2026-20230

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...

8.6CVSS0.41694EPSS
Exploits3References3
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.11 views

CRMEB 代码问题漏洞

CRMEB is an open-source Java e-commerce system developed by CRMEB. Version 1.4 of CRMEB has code vulnerabilities. These vulnerabilities stem from the operation of the RestTemplate.getForEntity function in the base64QrcodeEndpoint component located in the...

7.5CVSS7.3AI score0.00294EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.12 views

Cisco Unified Communications Manager 代码问题漏洞

Cisco Unified Communications Manager is a call processing component within the unified communication system developed by Cisco, Inc. This component provides an scalable, distributed, and highly available solution for enterprise IP telephony call processing. There is a code vulnerability in Cisco...

8.6CVSS6AI score0.41694EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2026/06/02 11:15 p.m.9 views

CVE-2026-10690 wonderwhy-er DesktopCommanderMCP read_file filesystem.ts readFileFromUrl server-side request forgery

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component readfile. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References7
Rows per page
Query Builder