Lucene search
K

7413 matches found

NVD
NVD
added 2026/05/05 4:16 a.m.6 views

CVE-2026-2948

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the importimages function. This makes it possible for authenticated attackers, with contributor-level access and above, t...

6.4CVSS0.00151EPSS
Exploits0References2
CVE
CVE
added 2026/05/05 3:37 a.m.13 views

CVE-2026-2948

The vulnerability CVE-2026-2948 affects the Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress (versions ≤ 3.5.3). It permits Server-Side Request Forgery via the import_images() function, exploitable by authenticated users with contributor-level access or higher. T...

6.4CVSS5.9AI score0.00151EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/05 3:37 a.m.8 views

CVE-2026-2948 Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.5.3 - Authenticated (Contributor+) Server-Side Request Forgery via 'imageUrl'

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the importimages function. This makes it possible for authenticated attackers, with contributor-level access and above, t...

6.4CVSS5.9AI score0.00151EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/05 3:37 a.m.44 views

CVE-2026-2948 Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.5.3 - Authenticated (Contributor+) Server-Side Request Forgery via 'imageUrl'

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the importimages function. This makes it possible for authenticated attackers, with contributor-level access and above, t...

6.4CVSS0.00151EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 1:44 a.m.6 views

CLSA-2026-1777945456 httpd: Fix of 2 CVEs

CVE-2024-42516: fix HTTP response splitting in core httpd via header merging refactor in modules/http/httpfilters.c - CVE-2024-43204: fix SSRF in modproxy when modheaders is configured to modify Content-Type from request input...

7.5CVSS5.8AI score0.00772EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.14 views

PT-2026-37253

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description An incomplete fix for Server-Side Request Forgery SSRF in the fetch metadata.php file allows for DNS rebinding. The system validates the resolved IP address but passes the original hostname-based URL...

6.8CVSS5.8AI score0.00236EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.14 contained security vulnerabilities. These vulnerabilities were due to improper access control in browser snapshots, screenshot generation, and tag routing. As a result,...

7.7CVSS5.8AI score0.00266EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.12 had code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing in the handling of media URLs by the QQBot. This could allow attackers to provide...

9.3CVSS5.9AI score0.00251EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.7 views

PT-2026-37221

Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...

8.3CVSS5.8AI score0.0024EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.9 views

PT-2026-36962

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the import images function. This makes it possible for authenticated attackers, with contributor-level access and above, ...

6.4CVSS5.9AI score0.00151EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities were due to a bypass of the server-side request forgery strategy used in browser tab operations, such as selecting a...

8.5CVSS5.8AI score0.00242EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.8 views

WordPress plugin Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

6.4CVSS6AI score0.00151EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/04 11:37 p.m.10 views

axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization

A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NOPROXY rules. An attacker can exploit this by crafting requests to loopback addresses e.g., localhost. or ::1 which bypass the NOPROXY...

9.9CVSS6.2AI score0.01186EPSS
Exploits1References10
Snyk
Snyk
added 2026/05/04 10:8 p.m.9 views

Server-side Request Forgery (SSRF)

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the setconfigvalue function. An attacker can intercept all outbound HTTP traffic, steal credentials, and inject...

8.7CVSS6AI score0.00396EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.6 views

CVE-2026-7604

A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Such manipulation of the argument originUrl database leads to server-side request forgery. It is...

6.5CVSS6.3AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.7 views

CVE-2026-7603

A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible to initiate the...

6.5CVSS6.2AI score0.00268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.6 views

CVE-2026-7049

The PixelYourSite Pro – Your smart PIXEL TAG Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scanvideo. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating fro...

7.2CVSS5.9AI score0.00577EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/04 8:21 p.m.11 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the sendPhoto process. An attacker can cause unauthorized requests to internal or external resources by supplying a crafted outbound photo URL tha...

8.6CVSS5.8AI score0.00291EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/04 8:21 p.m.10 views

Server-side Request Forgery (SSRF)

Overview @openclaw/zalo is an OpenClaw Zalo channel plugin Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the sendPhoto process. An attacker can cause unauthorized requests to internal or external resources by supplying a crafted outbound photo URL th...

8.6CVSS5.8AI score0.00291EPSS
Exploits0References2
NVD
NVD
added 2026/05/04 6:16 p.m.7 views

CVE-2026-42140

PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery SSRF. The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does...

4.4CVSS0.00151EPSS
Exploits0References3
Rows per page
Query Builder