
7419 matches found

Vulnrichment
added 2026/05/02 6:15 a.m. | 6 views

CVE-2026-7605 JeecgBoot uploadImgByHttpEndpoint CommonController.java HttpFileToMultipartFileUtil.downloadImageData server-side request forgery

A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00214
Exploits: 0 | References: 6

Cvelist
added 2026/05/02 6:15 a.m. | 31 views

CVE-2026-7605 JeecgBoot uploadImgByHttpEndpoint CommonController.java HttpFileToMultipartFileUtil.downloadImageData server-side request forgery

A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component...

CVSS: 6.5 | EPSS: 0.00214
Exploits: 0 | References: 6

CVE
added 2026/05/02 6:15 a.m. | 12 views

CVE-2026-7605

JeecgBoot up to 3.9.1 is affected by SSRF in CommonController.uploadImgByHttp, HttpFileToMultipartFileUtil.httpFileToMultipartFile, and HttpFileToMultipartFileUtil.downloadImageData. Root cause is manipulation of input data enabling server-side requests. Impact is network-exposed SSRF with potent...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00214
Exploits: 0 | References: 6

ATTACKERKB
added 2026/05/02 6:15 a.m. | 4 views

CVE-2026-7605

A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00214
Exploits: 0 | References: 6

EUVD
added 2026/05/02 6:15 a.m. | 4 views

EUVD-2026-26753

A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component...

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.00214
Exploits: 0 | References: 6

CVE
added 2026/05/02 5:29 a.m. | 15 views

CVE-2026-6812

The CVE-2026-6812 entry concerns the Ona theme for WordPress. A Server-Side Request Forgery (SSRF) is possible in all versions up to and including 1.26 via ona_activate_child_theme, enabling authenticated attackers with administrator-level access to make outbound requests from the web application...

CVSS: 4.4 | AI score: 5.9 | EPSS: 0.0025
Exploits: 0 | References: 5

ATTACKERKB
added 2026/05/02 5:29 a.m. | 4 views

CVE-2026-6812

The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the ona_activate_child_theme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...

CVSS: 4.4 | AI score: 5.9 | EPSS: 0.0025
Exploits: 0 | References: 6

EUVD
added 2026/05/02 5:29 a.m. | 8 views

EUVD-2026-26747

The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the ona_activate_child_theme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...

CVSS: 4.4 | AI score: 5.9 | EPSS: 0.0025
Exploits: 0 | References: 5

Vulnrichment
added 2026/05/02 5:29 a.m. | 7 views

CVE-2026-7049 PixelYourSite Pro <= 12.5.0.1 - Unauthenticated Blind Server-Side Request Forgery via 'urls[]' Parameter

The PixelYourSite Pro – Your smart PIXEL TAG Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scan_video. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating fro...

CVSS: 7.2 | AI score: 5.9 | EPSS: 0.00577
Exploits: 0 | References: 10

Cvelist
added 2026/05/02 5:29 a.m. | 31 views

CVE-2026-6812 Ona <= 1.26 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'download_link' Parameter

The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the ona_activate_child_theme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...

CVSS: 4.4 | EPSS: 0.0025
Exploits: 0 | References: 5

ATTACKERKB
added 2026/05/02 5:29 a.m. | 3 views

CVE-2026-7049

The PixelYourSite Pro – Your smart PIXEL TAG Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scan_video. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating fro...

CVSS: 7.2 | AI score: 5.9 | EPSS: 0.00577
Exploits: 0 | References: 11

CVE
added 2026/05/02 5:29 a.m. | 34 views

CVE-2026-7049

CVE-2026-7049 concerns the PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin for WordPress. All versions up to and including 12.5.0.1 are affected by a Server-Side Request Forgery via the scan_video parameter. The vulnerability allows unauthenticated attackers to cause the web application...

CVSS: 7.2 | AI score: 5.9 | EPSS: 0.00577
Exploits: 0 | References: 10

NVD
added 2026/05/02 5:16 a.m. | 4 views

CVE-2026-7603

A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible to initiate the...

CVSS: 6.5 | EPSS: 0.00268
Exploits: 0 | References: 6

NVD
added 2026/05/02 5:16 a.m. | 6 views

CVE-2026-7604

A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Such manipulation of the argument originUrl database leads to server-side request forgery. It is...

CVSS: 6.5 | EPSS: 0.00214
Exploits: 0 | References: 6

CVE
added 2026/05/02 4:45 a.m. | 14 views

CVE-2026-7604

JeecgBoot up to 3.9.1 is affected by a server-side request forgery in the OpenApi Service, specifically through OpenApiController.add/OpenApiController.call in OpenApiController.java. The vulnerability arises from manipulating the originUrl in the database, enabling remote exploitation. An exploi...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00214
Exploits: 0 | References: 6

ATTACKERKB
added 2026/05/02 4:45 a.m. | 3 views

CVE-2026-7604

A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Such manipulation of the argument originUrl database leads to server-side request forgery. It is...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00214
Exploits: 0 | References: 6

EUVD
added 2026/05/02 4:45 a.m. | 5 views

EUVD-2026-26739

A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Such manipulation of the argument originUrl database leads to server-side request forgery. It is...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00214
Exploits: 0 | References: 6

Cvelist
added 2026/05/02 4:45 a.m. | 31 views

CVE-2026-7604 JeecgBoot OpenApi Service OpenApiController.java OpenApiController.call server-side request forgery

A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Such manipulation of the argument originUrl database leads to server-side request forgery. It is...

CVSS: 6.5 | EPSS: 0.00214
Exploits: 0 | References: 6

Cvelist
added 2026/05/02 4:15 a.m. | 33 views

CVE-2026-7603 JeecgBoot LoadFile Endpoint FileDownloadUtils.jav checkPathTraversalBatch server-side request forgery

A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible to initiate the...

CVSS: 6.5 | EPSS: 0.00268
Exploits: 0 | References: 6

EUVD
added 2026/05/02 4:15 a.m. | 5 views

EUVD-2026-26738

A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible to initiate the...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00268
Exploits: 0 | References: 6