Lucene search

7419 matches found

RedhatCVE
• added 2026/05/04 8:21 p.m. • 7 views

CVE-2026-7603

A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible to initiate the...

CVSS 6.5 | AI score 6.2 | EPSS 0.00268
Exploits: 0 | References: 1

RedhatCVE
• added 2026/05/04 8:21 p.m. • 6 views

CVE-2026-7049

The PixelYourSite Pro – Your smart PIXEL TAG Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scanvideo. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating fro...

CVSS 7.2 | AI score 5.9 | EPSS 0.00577
Exploits: 0 | References: 1

Snyk
• added 2026/05/04 8:21 p.m. • 11 views

Server-side Request Forgery (SSRF)

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the sendPhoto process. An attacker can cause unauthorized requests to internal or external resources by supplying a crafted outbound photo URL tha...

CVSS 8.6 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 2

Snyk
• added 2026/05/04 8:21 p.m. • 10 views

Server-side Request Forgery (SSRF)

Overview @openclaw/zalo is an OpenClaw Zalo channel plugin Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the sendPhoto process. An attacker can cause unauthorized requests to internal or external resources by supplying a crafted outbound photo URL th...

CVSS 8.6 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 2

NVD
• added 2026/05/04 6:16 p.m. • 7 views

CVE-2026-42140

PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery SSRF. The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does...

CVSS 4.4 | EPSS 0.00151
Exploits: 0 | References: 3

Cvelist
• added 2026/05/04 4:55 p.m. • 48 views

CVE-2026-40682 Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

EPSS 0.00515
Exploits: 0 | References: 1

Snyk
• added 2026/05/04 4:53 p.m. • 6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the imgPostURLInfo function. An attacker can cause the server to initiate outbound HTTP HEAD requests to arbitrary endpoints by supplying a crafted URL during the image import preflight stage. This c...

CVSS 5.3 | AI score 5.9 | EPSS 0.00271
Exploits: 1 | References: 2

Patchstack
• added 2026/05/04 2:51 p.m. • 8 views

WordPress Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin <= 3.5.3 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability

Authenticated (Contributor+) Server-Side Request Forgery vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Gutenverse versions <= 3.5.3...

CVSS 6.4 | AI score 5.8 | EPSS 0.00151
Exploits: 0 | References: 1 | Affected Software: 1

NVD
• added 2026/05/04 5:16 a.m. • 10 views

CVE-2026-7729

A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The...

CVSS 6.5 | EPSS 0.00214
Exploits: 0 | References: 7

Cvelist
• added 2026/05/04 3:45 a.m. • 30 views

CVE-2026-7729 pixelsock directus-mcp MCP index.ts validateUrl server-side request forgery

A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The...

CVSS 6.5 | EPSS 0.00214
Exploits: 0 | References: 7

Vulnrichment
• added 2026/05/04 3:45 a.m. • 4 views

CVE-2026-7729 pixelsock directus-mcp MCP index.ts validateUrl server-side request forgery

A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The...

CVSS 6.5 | AI score 6.3 | EPSS 0.00214
Exploits: 0 | References: 7

EUVD
• added 2026/05/04 3:45 a.m. • 23 views

EUVD-2026-26883

A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The...

CVSS 6.5 | AI score 5.5 | EPSS 0.00214
Exploits: 0 | References: 7

CNNVD
• added 2026/05/04 12:0 a.m. • 9 views

PlantUML Macro Code Issue Vulnerability

PlantUML Macro is an open-source tool developed by XWiki Contrib that generates chart images from textual definitions. Versions of PlantUML Macro prior to 2.4.1 had code vulnerabilities; these vulnerabilities stemmed from the lack of validation of the URLs provided by server parameters, which cou...

CVSS 4.4 | AI score 5.9 | EPSS 0.00151
Exploits: 0 | References: 1

GithubExploit
• added 2026/05/03 7:5 p.m. • 75 views

Exploit for Server-Side Request Forgery in Vllm

No d...

CVSS 5.4 | AI score 5.8 | EPSS 0.00246
Exploits: 1

Cvelist
• added 2026/05/02 7:46 a.m. • 59 views

CVE-2026-6229 Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter

The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs in the rendercsvdata function, which can be bypassed by including 'docs.google.com/spreadsheets' in...

CVSS 7.2 | EPSS 0.00379
Exploits: 0 | References: 10

ATTACKERKB
• added 2026/05/02 7:46 a.m. • 3 views

CVE-2026-6229

The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs in the rendercsvdata function, which can be bypassed by including 'docs.google.com/spreadsheets' in...

CVSS 7.2 | AI score 5.9 | EPSS 0.00379
Exploits: 0 | References: 11

EUVD
• added 2026/05/02 7:46 a.m. • 22 views

EUVD-2026-26757

The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs in the rendercsvdata function, which can be bypassed by including 'docs.google.com/spreadsheets' in...

CVSS 7.2 | AI score 5.9 | EPSS 0.00379
Exploits: 0 | References: 10

Vulnrichment
• added 2026/05/02 7:46 a.m. • 6 views

CVE-2026-6229 Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter

The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs in the rendercsvdata function, which can be bypassed by including 'docs.google.com/spreadsheets' in...

CVSS 7.2 | AI score 5.9 | EPSS 0.00379
Exploits: 0 | References: 10

NVD
• added 2026/05/02 7:16 a.m. • 3 views

CVE-2026-7605

A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component...

CVSS 6.5 | EPSS 0.00214
Exploits: 0 | References: 6

NVD
• added 2026/05/02 6:16 a.m. • 3 views

CVE-2026-6812

The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the onaactivatechildtheme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...

CVSS 4.4 | EPSS 0.0025
Exploits: 0 | References: 5